Flux 
Social bookmarking
Conservar e compartilhar o endereço de PC Seguro em seu site de social bookmarking
Conservar e compartilhar o endereço de Fórum PC Brasil em seu site de social bookmarking
Estatísticas
Temos 14810 usuários registradosO último membro registrado é Josevinil
Os nossos membros postaram um total de 36047 mensagens em 3685 assuntos
Quem está conectado?
Há 8 usuários online :: 0 registrados, 0 invisíveis e 8 visitantes Nenhum
O recorde de usuários online foi de 301 em Ter 26 Out 2021, 15:28
Procurar
Top dos mais postadores
| Power Max |
| |||
| joram |
| |||
| Wings [In Memoriam] |
| |||
| caedurodrigues |
| |||
| Amigo Brasileiro |
| |||
| luizvilarinho |
| |||
| Danii |
| |||
| Admin |
| |||
| Danilo Marsaro |
| |||
| Andreata |
|
Erro Ativação do Firewall
3 participantes
Página 1 de 1
Erro Ativação do Firewall
por Aline Angélica Qua 14 maio 2014, 18:11
Olá Max, tudo bom? Abaixo falo novamente sobre o meu problema. 
Estou com problemas para ativar o Firewall do Windows, quando tento ativá-lo aparece uma mensagem com o seguinte código: 0x8007042c. Já tentei todas as sugestões da microsoft para reativá-lo, mas não deu certo.
Vocês podem me ajudar?
Abraços,
Aline Angélica
Estou com problemas para ativar o Firewall do Windows, quando tento ativá-lo aparece uma mensagem com o seguinte código: 0x8007042c. Já tentei todas as sugestões da microsoft para reativá-lo, mas não deu certo.
Vocês podem me ajudar?
Abraços,
Aline Angélica
Aline Angélica- Iniciante
- Mensagens : 16
Reputação : 0
Data de inscrição : 11/03/2014
Idade : 32
Re: Erro Ativação do Firewall
por Power Max Qua 14 maio 2014, 18:19
Oi Aline.
Faça o download do < [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] > < [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]> ( ... de Nicolas Coolman )Para instalá-lo e executá-lo corretamente siga as dicas deste artigo:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
* Assim que ele concluir a sua verificação, copie todo o conteúdo do seu relatório ZHPDiag.txt e poste em sua próxima resposta.
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Log ZHP
por Aline Angélica Sáb 17 maio 2014, 19:24
Olá de novo Max, desculpe a demora, estava sem acesso ao PC esses dias.
Segue o LOG:
~ Relatório do ZHPDiag v2014.5.17.66 - Nicolas Coolman (17/05/2014)
~ Iniciado por Aline (17/05/2014 19:15:37)
~ Endereço do Website : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Blog de análise de software : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Fóruns de suporte gratuito para desinfecção : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão :
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by user
---\\ Navegadores Internet
MSIE: Internet Explorer v11.0.9600.17107
GCIE: Google Chrome v34.0.1847.137 (Defaut)
---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Ultimate, 32-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Key Management Service client information : KO
Windows Automatic Updates : OK
Windows Activation Technologies : OK
---\\ Softwares de proteçao do sistema
avast! Free Antivirus v9.0.2016
AVG 2012 v12.0.2437
Malwarebytes Anti-Malware versão 2.0.1.1004
Microsoft Security Client PT-BR Language Pack v2.1.1116.0
Norton Internet Security v19.1.0.28
Windows Defender W7
---\\ Softwares d'optimização do sistema
---\\ Softwares de partilha do PeerToPeer (P2P)
µTorrent v3.3.0.29625 =>P2P.µTorrent
---\\ Monitoramento dos softwares
Adobe Flash Player 13 Plugin
Adobe Reader X
Java 7 Update 51
---\\ Informações sobre o sistema
~ Processor: x86 Family 6 Model 15 Stepping 13, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2038 MB (30% free)
System Restore: Activé (Enable)
System drive C: has 68 GB (45%) free of 149 GB
---\\ Modo de conexão ao sistema
~ Computer Name: ALINE-PC
~ User Name: Aline
~ All Users Names: Mamãe, HomeGroupUser$, Giulia, Convidado, Aline, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator
---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Aline\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Aline\AppData\Roaming\
~ %Desktop% : C:\Users\Aline\Desktop\
~ %Favorites% : C:\Users\Aline\Favorites\
~ %LocalAppData% : C:\Users\Aline\AppData\Local\
~ %StartMenu% : C:\Users\Aline\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 68 Go of 149 Go)
D: CD-ROM drive (Not Inserted)
---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
~ Security Center: 46 Legitimates Filtered in 00mn 00s
---\\ Pesquisa particular de ficheiros genéricos
[MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Windows Explorer.) (.25/02/2011 - 02:30:54.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.E4E829EE073E046B0EB19B5FECB19B8C] - (.Microsoft Corporation - Internet Extensions para Win32.) (.06/03/2014 - 02:41:49.) -- C:\Windows\System32\wininet.dll [1789440]
[MD5.998507B046BA314CE8245364C686FA67] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.04/03/2014 - 06:17:02.) -- C:\Windows\System32\Winlogon.exe [304128]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.20/11/2010 - 09:21:24.) -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.F81BB7E487EDCEAB630A7EE66CF23913] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.13/09/2013 - 21:48:58.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 05:38:10.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 05:42:32.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 06:59:29.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 20:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.26/04/2011 - 23:17:22.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 05:39:44.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.C8DFF8D07755A66C7A4A738930F0FEAC] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.23/01/2014 - 23:18:22.) -- C:\Windows\system32\Drivers\ntfs.sys [1212352]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 20:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 20:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.B973FCFC50DC1434E1970A146F7E3885] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 07:24:46.) -- C:\Windows\system32\Drivers\rdpdr.sys [133632]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 20:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 05:39:17.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.20/11/2010 - 09:30:16.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
~ Generic Processes: Scanned in 00mn 01s
---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 2/522
~ Mes musiques (My Musics) : 153/697
~ Mes Videos (My Videos) : 14/69
~ Mes Favoris (My Favorites) : 1/22
~ Mes Documents (My Documents) : 2/25
~ Mon Bureau (My Desktop) : 10/347
~ Menu demarrer (Programs) : 1/33
~ Hidden Files: Scanned in 00mn 08s
---\\ Processos lançados
[MD5.B99C37364701D19F2B5C0A0E1ECCDB80] - (.GAS Tecnologia - G-Buster Browser Defense - Service.) -- C:\Program Files\GbPlugin\gbpsv.exe [519720] [PID.772]
[MD5.1EE3643D1AA747222427F63353611AD7] - (.Microsoft Corporation - Antimalware Service Executable.) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216] [PID.932]
[MD5.BEA8D0FA8805CC2E6BB49728166699C7] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344] [PID.1580]
[MD5.B362181ED3771DC03B4141927C80F801] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [65432] [PID.1804]
[MD5.44CEAFF41EDE4297F30913DDF80D17C1] - (.Apache Software Foundation - Apache HTTP Server.) -- C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe [20549] [PID.1828]
[MD5.72551A9AE5F68905DFC3CBA0D5242566] - (.Microsoft Corporation - Updates Skype Click to Call.) -- C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720] [PID.1856]
[MD5.6B669A00A431FF6CDCE67458933F5F0F] - (.Microsoft Corporation - Phone Number Recognition (PNR) module.) -- C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992] [PID.1892]
[MD5.8C707EF32463DCAE31CE8549E6F65E66] - (...) -- C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe [10900480] [PID.428]
[MD5.F115AF58ABE5605D7D709CBFBD83F418] - (.No owner - nTitles PSIService.) -- C:\Windows\system32\PSIService.exe [177704] [PID.2232]
[MD5.A0FF419B61AE47E26ADF3BB15DB4F2FE] - (...) -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [38608] [PID.2284]
[MD5.687C6930244387AA5E479B16DEFE4175] - (. Beijing WatchData System Co., Ltd. - WatchSAFE Background v3.4.) -- C:\Windows\System32\WatchData\Watchdata Brazil CSP v1.0\BBCertM32.exe [59440] [PID.2852]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336] [PID.2776]
[MD5.4BFA1849DC7AA3CB99C160D9EB96C67B] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [3854640] [PID.2616]
[MD5.5D61BE7DB55B026A5D61A3EED09D0EAD] - (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408] [PID.3512] =>Toolbar.Google
[MD5.F11C101AA20E5FFC388E62958B90FF38] - (.Apache Software Foundation - Apache HTTP Server Monitor.) -- C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe [41051] [PID.3644]
[MD5.1BBBF640BC0E0B750537BAECE8D66C18] - (.Nero AG - NeroUpdate.) -- C:\Program Files\Nero\Update\NASvc.exe [641832] [PID.2588]
[MD5.7DCE7A74764EB7C67D21A32BC579453D] - (.Oracle Corporation - Java(TM) Update Checker.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe [507264] [PID.5352]
[MD5.36C727491F1F934EF3CAEE686C946DE5] - (.Adobe Systems Incorporated - AAM Updates Notifier Application.) -- C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe [296392] [PID.4476]
[MD5.C948AC73822CA662CF44185B909EA18B] - (.Microsoft Corporation - Microsoft Office Document Cache.) -- C:\Program Files\Microsoft Office\Office14\MSOSYNC.exe [720064] [PID.208]
[MD5.345B1798395CEA9C178AFF1784FA2A37] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [841032] [PID.2484]
[MD5.1F0D27B7142CDEA3FBEC7A7DE56D3D1B] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [7877120] [PID.5788]
[MD5.CF87A1DE791347E75B98885214CED2B8] - (.Microsoft Corporation - Serviço da Plataforma de Proteção de Softwa.) -- C:\Windows\system32\sppsvc.exe [3179520] [PID.1016]
~ Processes Running: Scanned in 00mn 03s
---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Aline\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 15 Legitimates Filtered in 00mn 02s
---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
C:\Users\Aline\AppData\Roaming\Mozilla\Firefox\Profiles\177jdijm.default\prefs.js
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/abn] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\Aline\AppData\Local\GAS Tecnologia\GBBD\npsf_abn.dll
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/bb] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\Aline\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll
~ Firefox Browser: 28 Legitimates Filtered in 00mn 01s
---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.GAS Tecnologia - Internet Banking Helper.) (No version) -- (.not file.)
~ IE Browser: 11 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21
---\\ Browser Helper Objects do navegador (02)
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} . (.Banco do Brasil - Gbieh Module.) -- C:\PROGRAM FILES\GBPLUGIN\gbieh.dll
O2 - BHO: G-Buster Browser Defense Banco Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} . (.Banco Real - Gbieh Module.) -- C:\Program Files\GbPlugin\gbiehabn.dll
~ BHO: 28 Legitimates Filtered in 00mn 01s
---\\ Barras do Internet Explorer (03))
O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll =>Toolbar.Google
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Chave orfã
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{47833539-D0C5-4125-9FA8-0819E2EAAC93} Chave orfã
~ Toolbar: Scanned in 00mn 00s
---\\ Outras conexões do utilizador (04)
O4 - GS\QuickLaunch [Giulia]: hao123.lnk . (...) -- C:\Users\Aline\AppData\Roaming\baidu\hao123-br\hao123.1.0.0.1101.exe (.not file.) =>Adware.BDSearch
O4 - GS\QuickLaunch [Aline]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Program Files\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Global Startup: 2 Legitimates Filtered in 00mn 42s
---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [MSC] . (.Microsoft Corporation - Microsoft Security Client User Interface.) -- c:\Program Files\Microsoft Security Client\msseces.exe
O4 - HKLM\..\Run: [AnySend Updater] C:\Program Files\AnySend\AnySendUpdater.exe (.not file.)
O4 - HKLM\..\Run: [ROC_roc_ssl_v12] C:\Program Files\AVG Secure Search\ROC_roc_ssl_v12.exe (.not file.) =>Toolbar.AVGSearch
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] . (.Adobe Systems Incorporated - Adobe Updater Startup Utility.) -- C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] . (.Adobe Systems Incorporated - Adobe CS5 Service Manager.) -- C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
O4 - HKLM\..\Run: [SwitchBoard] . (.Adobe Systems Incorporated - SwitchBoard Server (32 bit).) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [wdbraz_certm] . (. Beijing WatchData System Co., Ltd. - WatchSAFE Background v3.4.) -- C:\Windows\System32\WatchData\Watchdata Brazil CSP v1.0\BBCertM32.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKLM\..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (.not file.)
O4 - HKCU\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe =>Toolbar.Google
O4 - HKCU\..\Run: [OfficeSyncProcess] . (.Microsoft Corporation - Microsoft Office Document Cache.) -- C:\Program Files\Microsoft Office\Office14\MSOSYNC.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-1471754635-3302239287-417469607-1000\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe =>Toolbar.Google
O4 - HKUS\S-1-5-21-1471754635-3302239287-417469607-1000\..\Run: [OfficeSyncProcess] . (.Microsoft Corporation - Microsoft Office Document Cache.) -- C:\Program Files\Microsoft Office\Office14\MSOSYNC.exe
~ Application: Scanned in 00mn 00s
---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} . (.Microsoft Corporation - Windows Live Messenger Companion core resources.) -- C:\Program Files\Windows Live\Companion\companionres.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.Microsoft Corporation - Windows Live Writer Blog This Extension.) -- C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~2\Office14\ONBttnIE.dll =>.Microsoft Corporation
O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} -- C:\Program Files\AVG\AVG2012\avgdtiex.dll (.not file.)
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~2\Office14\ONBTTN~1.dll =>.Microsoft Corporation
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- C:\Program Files\Skype\Toolbars\Internet Explorer\icon.ico
O9 - Extra button: Exibir ou ocultar HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} . (.Hewlett-Packard Co. - HP Smart Web Printing add-on for Internet Explorer.) -- C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
~ IE Extra Buttons: Scanned in 00mn 00s
---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bancobrasil.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] http.bancoreal.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] http.bancosantander.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bb.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] http.santander.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] http.santanderempresarial.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.santandernet.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.santandernetibe.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.secureweb.com.br
~ IE Zone Confiance: Scanned in 00mn 00s
---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{3BDB0DE0-3F99-444C-9367-30D665A80EBB}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{A1176648-0D85-4C71-87DD-E66320287DF4}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{A1176648-0D85-4C71-87DD-E66320287DF4}: DhcpDomain = spo.virtua.com.br
O17 - HKLM\System\CS1\Services\Tcpip\..\{3BDB0DE0-3F99-444C-9367-30D665A80EBB}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{A1176648-0D85-4C71-87DD-E66320287DF4}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{A1176648-0D85-4C71-87DD-E66320287DF4}: DhcpDomain = spo.virtua.com.br
O17 - HKLM\System\CS2\Services\Tcpip\..\{3BDB0DE0-3F99-444C-9367-30D665A80EBB}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{A1176648-0D85-4C71-87DD-E66320287DF4}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{A1176648-0D85-4C71-87DD-E66320287DF4}: DhcpDomain = spo.virtua.com.br
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
~ Domain: Scanned in 00mn 00s
---\\ Protocolo adicional (018)
O18 - Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (.Microsoft Corporation - Windows Live Album Download Protocol Handle.) -- C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: GbPluginAbn . (.Banco Real - Gbieh Module.) -- C:\Program Files\GbPlugin\gbiehAbn.dll
O20 - Winlogon Notify: GbPluginBb . (.Banco do Brasil - Gbieh Module.) -- C:\Program Files\GbPlugin\gbieh.dll
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s
---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: AVGIDSAgent (AVGIDSAgent) . (...) - C:\Program Files\AVG\AVG2012\avgidsagent.exe (.not file.)
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files\GbPlugin\gbpsv.exe
O23 - Service: KMService (KMService) . (...) - C:\Windows\system32\srvany.exe =>Hijacker.Office
O23 - Service: MySQL56 (MySQL56) . (...) - C:\ProgramData\MySQL\MySQL Server 5.6\my.ini
~ Services: 12 Legitimates Filtered in 00mn 25s
---\\ Tarefas planificadas automaticamente (039)
[MD5.00000000000000000000000000000000] [APT] [{05A55A91-EB5A-4D88-86BC-9ADBDEE1A2A5}] (...) -- C:\Users\Aline\Downloads\B2CAppSetup (1).exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{0B1E984E-6450-42F2-8DE4-F1064355EE1F}] (...) -- C:\Users\Aline\Downloads\bankerfix.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{3E2467A3-2330-4738-BA4F-7993C1158BDC}] (...) -- C:\Users\Aline\Downloads\auxsetup_x86.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{73992451-FBBF-4DE4-91C5-CCAC0A34AFD6}] (...) -- C:\Users\Aline\Desktop\zoek.pif -d C:\Users\Aline\Desktop (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{78499667-0343-4A0A-A50D-6C5F546C68B1}] (...) -- D:\Install_Win\install.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{BE037BDF-18C3-4E4A-ACDE-E86613F13E56}] (...) -- C:\Users\Aline\Desktop\VirtualDub\auxsetup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{CEFEFDE2-032F-410E-8C84-F4B96A2078F9}] (...) -- C:\Users\Aline\Desktop\zoek.scr -d C:\Users\Aline\Desktop -c \S (.not file.) [0]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [902]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1471754635-3302239287-417469607-1001Core [906]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1471754635-3302239287-417469607-1001UA [928]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1050]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1054]
~ Scheduled Task: 44 Legitimates Filtered in 00mn 23s
---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (Ndisrd) . (.GAS Tecnologia - GAS Tecnologia - LWF Helper Driver.) - C:\Windows\System32\DRIVERS\gbpndisrdn.sys
~ Drivers: 75 Legitimates Filtered in 00mn 08s
---\\ Software instalados (042)
O42 - Logiciel: BB Token Admin Tool - (.Watchdata Technologies Pte., Ltd..) [HKLM] -- {95A34656-CD4A-45A0-BAB8-AB950EFCBEBF}
O42 - Logiciel: GBBD Banco do Brasil - (...) [HKCU] -- {36386dc9-8543-4b12-ae6b-220fd52f19f3}_is1
O42 - Logiciel: IRPF2014 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva - (.Receita Federal do Brasil.) [HKLM] -- IRPF2014
O42 - Logiciel: Módulo de Proteção Santander 3.2.0.2 - (...) [HKLM] -- {83033d93-48d0-48fc-9c5b-82e57e7e0dd6}_is1
O42 - Logiciel: Receitanet - (.Serpro - Serviço Federal de Processamento de Dados.) [HKLM] -- ECC16E3C-16D1-4DC2-9D8A-6AC06B3005A5
~ Logic: 20 Legitimates Filtered in 00mn 01s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\AutoHelpDesk]
[HKCU\Software\Baidu Security] =>Adware.BDSearch
[HKCU\Software\Baidu] =>Adware.BDSearch
[HKCU\Software\GbAs]
[HKLM\Software\360Safe] =>Trojan.Lozavita
[HKLM\Software\AutoHelpDesk]
[HKLM\Software\Baidu Security] =>Adware.BDSearch
[HKLM\Software\Baidu_Drp_pos] =>Adware.BDSearch
~ Key Software: 319 Legitimates Filtered in 00mn 01s
---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 24/01/2014 - 12:11:45 - [] ----D C:\Program Files\Baidu Security =>Adware.BDSearch
O43 - CFD: 07/10/2013 - 17:42:04 - [] ----D C:\Program Files\Brazil
O43 - CFD: 06/03/2014 - 09:25:13 - [] ----D C:\Program Files\Programas RFB
O43 - CFD: 14/04/2013 - 23:07:14 - [] ----D C:\Program Files\UnlockPhone
O43 - CFD: 11/08/2012 - 09:41:20 - [0] ----D C:\Program Files\v9Soft
O43 - CFD: 24/01/2014 - 12:09:49 - [] ----D C:\ProgramData\Baidu Security =>Adware.BDSearch
O43 - CFD: 05/05/2013 - 16:27:06 - [] ----D C:\Users\Aline\AppData\Roaming\Baidu Security =>Adware.BDSearch
O43 - CFD: 29/09/2013 - 16:50:07 - [] ----D C:\Users\Aline\AppData\Roaming\Elementary-Reprint
O43 - CFD: 04/07/2013 - 02:20:48 - [] ----D C:\Users\Aline\AppData\Roaming\Elementary-Reprint.F58001C6A320BE09FB6D7E092A4A96AA9BF1591A.1
~ Program Folder: 237 Legitimates Filtered in 00mn 04s
---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.0DC5AF80D059DEC792B665ED598C6567] - 12/05/2014 - 22:23:52 ---A- . (.SQLite Development Team - SQLite Dynamic Link Library (No TCL).) -- C:\Windows\System32\sqlite3.dll [536576]
O44 - LFC:[MD5.3F4C462EAA0D94D2B7428F2AE41C2D8A] - 12/05/2014 - 23:13:35 ---A- . (...) -- C:\DelFix.txt [743]
O44 - LFC:[MD5.00187AA2D82BBB30BF2FCB6E3A423F7B] - 13/05/2014 - 20:02:59 ---A- . (...) -- C:\Windows\AutoKMS.log [282379] =>Trojan.Keygen
O44 - LFC:[MD5.83BDAC99D6B94BC2F1BF5851B7C7792A] - 13/05/2014 - 22:41:02 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [148676]
O44 - LFC:[MD5.CE87700FFC13AF03C110C2C2A4C5080E] - 13/05/2014 - 22:41:02 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [709186]
O44 - LFC:[MD5.F7EC875F6DF1BC9E505B66E27C9E6D17] - 14/05/2014 - 07:04:19 ---A- . (...) -- C:\zoek-results.log [33890]
O44 - LFC:[MD5.B7CC2AF3D5604EFDC5F82AF7A5B21FB1] - 17/05/2014 - 09:23:49 ---A- . (.GbPlugin NDIS Device Driver - GbPlugin NDIS Device Driver.) -- C:\Windows\System32\Drivers\gbpndisrd.sys [31088]
~ Files: 53 Legitimates Filtered in 01mn 23s
---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399007} - C:\Program Files\GbPlugin\gbiehabn.dll
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\PROGRAM FILES\GBPLUGIN\gbieh.dll
~ ShellExecuteHooks: Scanned in 00mn 00s
---\\ Chave do registo Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{05039c9b-6e5e-11e2-9d1b-002511c036fc}\AutoRun\command. (...) -- E:\iLinker.exe (.not file.)
O51 - MPSK:{db2c6d9d-8a3c-11e2-aa99-002511c036fc}\AutoRun\command. (...) -- F:\ZTE_Handset_USB_DriverV5.2066.1.8.exe (.not file.)
O51 - MPSK:{f44a3344-2c2c-11e1-bc87-002511c036fc}\AutoRun\command. (...) -- F:\Autorun.exe (.not file.)
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa de infeções nos drivers (HKLM)(TDSD) (O52)
O52 - TDSD: \Drivers32\"vidc.IV32"="ir32.dll" . (...) -- C:\Windows\System32\ir32.dll
~ TDSD: 8 Legitimates Filtered in 00mn 00s
---\\ Enumeração das chaves do registo StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\uTorrent [Key] . (.BitTorrent Inc. - µTorrent.) -- C:\Program Files\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ SMSR Keys: 10 Legitimates Filtered in 00mn 00s
---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s
---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:31/05/2012 - 21:21:04 R--A- . (.360.cn - 360FileOem.) -- C:\Windows\System32\Drivers\360FileOem.sys [146304]
O58 - SDL:31/05/2012 - 21:21:04 R--A- . (.360安全中心 - 360HookOem.) -- C:\Windows\System32\Drivers\360HookOem.sys [54912]
O58 - SDL:31/05/2012 - 21:21:04 R--A- . (.360安全中心 - 360RegOem.) -- C:\Windows\System32\Drivers\360RegOem.sys [23168]
O58 - SDL:30/03/2014 - 17:37:32 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [49944] =>.ALWIL Software
O58 - SDL:30/03/2014 - 17:37:32 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [180760] =>.ALWIL Software
O58 - SDL:18/04/2003 - 12:15:56 ---A- . (.Accapella Ltd. - USB Driver for Digital Camera.) -- C:\Windows\System32\Drivers\CoachUsb.sys [46368]
O58 - SDL:25/01/2003 - 00:12:20 ---A- . (.Accapella Ltd. - Video Capture Minidriver for Digital Camera.) -- C:\Windows\System32\Drivers\CoachVc.sys [46048]
O58 - SDL:13/07/2009 - 22:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712]
O58 - SDL:23/08/2013 - 13:34:54 ---A- . (.GAS Tecnologia - GbPlugin Device Driver.) -- C:\Windows\System32\Drivers\gbpkm.sys [46392]
O58 - SDL:17/05/2014 - 09:23:49 ---A- . (.GbPlugin NDIS Device Driver - GbPlugin NDIS Device Driver.) -- C:\Windows\System32\Drivers\gbpndisrd.sys [31088]
O58 - SDL:07/03/2014 - 20:23:26 ---A- . (.GAS Tecnologia - GAS Tecnologia - LWF Helper Driver.) -- C:\Windows\System32\Drivers\gbpndisrdn.sys [29400]
O58 - SDL:13/07/2009 - 19:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624]
O58 - SDL:13/07/2009 - 22:19:04 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072]
O58 - SDL:13/07/2009 - 18:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:20/10/2012 - 22:07:59 RSHA- . (...) -- C:\Windows\System32\CA4277406B.sys [88]
O58 - SDL:13/07/2009 - 18:40:44 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:13/07/2009 - 18:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:20/10/2012 - 22:07:59 -SHA- . (...) -- C:\Windows\System32\KGyGaAvL.sys [2516]
O58 - SDL:13/07/2009 - 18:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:13/07/2009 - 18:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:13/07/2009 - 18:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:13/07/2009 - 18:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:13/07/2009 - 18:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:13/07/2009 - 18:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:13/07/2009 - 18:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:13/07/2009 - 18:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 87 Legitimates Filtered in 00mn 06s
---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 31/05/2012 - C:\Windows\System32\drivers\360HookOem.sys (360HookOem) .(.360安全中心 - 360HookOem.) - LEGACY_360HOOKOEM
O64 - Services: CurCS - 23/08/2013 - C:\Windows\System32\drivers\gbpkm.sys (GbpKm) .(.GAS Tecnologia - GbPlugin Device Driver.) - LEGACY_GBPKM
~ Legacy: 163 Legitimates Filtered in 00mn 00s
---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s
---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Users\Mamãe\AppData\Local\Google\Chrome\Application\chrome.exe (.not file.)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Users\Mamãe\AppData\Local\Google\Chrome\Application\chrome.exe (.not file.)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {80c554b9-c7f8-4a21-9471-06d606da78a2} - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.C44A32F3A10F7EA019E198620FC46A17] [SPRF][08/06/2013] (...) -- C:\Users\Aline\AppData\Roaming\unins000.dat [12376]
[MD5.393009B9EC49AB69ED10597D54743BA3] [SPRF][03/01/2014] (...) -- C:\Users\Aline\AppData\Roaming\unins001.dat [25952]
~ Files: 2 Legitimates Filtered in 00mn 00s
---\\ Lista das exceções do FireWall (FirewallRules) (O87)
O87 - FAEL: "{75EC18D3-A83F-448E-9B42-D8A43A5DA834}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Program Files\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{38B1B151-AEB7-4E5D-8C3E-E3652266E827}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Program Files\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Firewall: 2 Legitimates Filtered in 00mn 05s
---\\ Pesquisa dos pacotes WindowsInstaller (WIS) (O93) (NTFS)
[MD5.8797F3592E055284D113FEAA21B71ED3] [WIS][27/08/2011] (.Google Inc. - Google Toolbar for Internet Explorer.) -- C:\Windows\Installer\e57aa.msi [28160] =>Toolbar.Google
~ WIS: 1 Legitimates Filtered in 00mn 11s
---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Microsoft\Tracing\biclient_RASAPI32 =>Adware.MegaSearch
HKLM\SOFTWARE\Microsoft\Tracing\biclient_RASMANCS =>Adware.MegaSearch
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarInstaller_en32_signed_RASAPI32 =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarInstaller_en32_signed_RASMANCS =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarInstaller_updater_signed_RASAPI32 =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarInstaller_updater_signed_RASMANCS =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarNotifier_RASAPI32 =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarNotifier_RASMANCS =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\imbooster_RASAPI32 =>Adware.IMBooster
HKLM\SOFTWARE\Microsoft\Tracing\imbooster_RASMANCS =>Adware.IMBooster
HKLM\SOFTWARE\Microsoft\Tracing\utorrent_RASAPI32 =>P2P.µTorrent
HKLM\SOFTWARE\Microsoft\Tracing\utorrent_RASMANCS =>P2P.µTorrent
~ BTK: 407 Legitimates Filtered in 00mn 00s
---\\ Search CLSID Registry Key (O101)
[HKCR\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}] (Google Toolbar) =>Toolbar.Google
[HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}] (Google Toolbar Helper) =>Toolbar.Google
~ BCK: 6835 Legitimates Filtered in 00mn 16s
---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 13/05/2014 257712 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 10/07/1658 0 | (AVGIDSAgent) . (...) - C:\Program Files\AVG\AVG2012\avgidsagent.exe
SS - | Auto 27/08/2011 136176 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 27/08/2011 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 22/08/2012 194032 | (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Auto 24/09/2011 8192 | (KMService) . (...) - C:\Windows\system32\srvany.exe =>Hijacker.Office
SS - | Auto 03/04/2014 857912 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
SS - | Auto 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SS - | Demand 04/02/2013 155824 | (Sony PC Companion) . (.Avanquest Software.) - C:\Program Files\Sony\Sony PC Companion\PCCService.exe
SS - | Demand 19/02/2010 517096 | (SwitchBoard) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
SS - | Demand 13/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 18/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 09/09/2011 20549 | (Apache2.2) . (.Apache Software Foundation.) - C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
SR - | Auto 30/03/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 21/02/2014 519720 | (GbpSv) . (.GAS Tecnologia.) - C:\Program Files\GbPlugin\gbpsv.exe
SR - | Demand 13/07/2009 20992 | C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll (hpqcxs08) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 20992 | C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll (hpqddsvc) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 11/03/2014 22216 | (MsMpSvc) . (.Microsoft Corporation.) - c:\Program Files\Microsoft Security Client\MsMpEng.exe
SR - | Auto 22/04/2013 14243 | (MySQL56) . (...) - C:\ProgramData\MySQL\MySQL Server 5.6\my.ini
SR - | Auto 23/09/2011 641832 | (NAUpdate) . (.Nero AG.) - C:\Program Files\Nero\Update\NASvc.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 05/06/2007 177704 | (ProtexisLicensing) . (...) - C:\Windows\system32\PSIService.exe
SR - | Auto 29/11/2012 38608 | (RealNetworks Downloader Resolver Service) . (...) - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 20s
---\\ Scâner Aditional (088)
Database Version : 13045 - (17/05/2014)
Clés trouvées (Keys found) : 3
Valeurs trouvées (Values found) : 3
Dossiers trouvés (Folders found) : 4
Fichiers trouvés (Files found) : 8
[HKLM\SYSTEM\CurrentControlSet\Services\KMService] =>Hijacker.Office^
[HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\uTorrent] =>P2P.BitTorrent^
[HKLM\Software\360Safe] =>Trojan.Lozavita
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{2318C2B1-4965-11d4-9B18-009027A5CD4F} =>Toolbar.Google^
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:ROC_roc_ssl_v12 =>Toolbar.AVGSearch^
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:swg =>Toolbar.Google^
C:\Program Files\Baidu Security =>Adware.BDSearch^
C:\ProgramData\Baidu Security =>Adware.BDSearch^
C:\Users\Aline\AppData\Roaming\Baidu Security =>Adware.BDSearch^
C:\Program Files\V9Soft =>PUP.V9Software
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe =>Toolbar.Google^
[HKCU\Software\Baidu Security] =>Adware.BDSearch^
[HKCU\Software\Baidu] =>Adware.BDSearch^
[HKLM\Software\Baidu Security] =>Adware.BDSearch^
[HKLM\Software\Baidu_Drp_pos] =>Adware.BDSearch^
C:\Windows\Installer\e57aa.msi =>Toolbar.Google^
[HKCR\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}] (Google Toolbar) =>Toolbar.Google^
[HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}] (Google Toolbar Helper) =>Toolbar.Google^
~ Additionnel Scan: 343015 Items scanned in 02mn 19s
---\\ Sumário das deteções encontradas na sua estação
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.BDSearch
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Hijacker.Office
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Trojan.Lozavita
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.MegaSearch
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.IMBooster
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.V9Software
~ MSI: 6 link(s) detected in 00mn 00s
~ 1039 Legitimates filtered by white list
End of the scan (603 lines in 07mn 19s)(0)
Segue o LOG:
~ Relatório do ZHPDiag v2014.5.17.66 - Nicolas Coolman (17/05/2014)
~ Iniciado por Aline (17/05/2014 19:15:37)
~ Endereço do Website : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Blog de análise de software : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Fóruns de suporte gratuito para desinfecção : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão :
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by user
---\\ Navegadores Internet
MSIE: Internet Explorer v11.0.9600.17107
GCIE: Google Chrome v34.0.1847.137 (Defaut)
---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Ultimate, 32-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Key Management Service client information : KO
Windows Automatic Updates : OK
Windows Activation Technologies : OK
---\\ Softwares de proteçao do sistema
avast! Free Antivirus v9.0.2016
AVG 2012 v12.0.2437
Malwarebytes Anti-Malware versão 2.0.1.1004
Microsoft Security Client PT-BR Language Pack v2.1.1116.0
Norton Internet Security v19.1.0.28
Windows Defender W7
---\\ Softwares d'optimização do sistema
---\\ Softwares de partilha do PeerToPeer (P2P)
µTorrent v3.3.0.29625 =>P2P.µTorrent
---\\ Monitoramento dos softwares
Adobe Flash Player 13 Plugin
Adobe Reader X
Java 7 Update 51
---\\ Informações sobre o sistema
~ Processor: x86 Family 6 Model 15 Stepping 13, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2038 MB (30% free)
System Restore: Activé (Enable)
System drive C: has 68 GB (45%) free of 149 GB
---\\ Modo de conexão ao sistema
~ Computer Name: ALINE-PC
~ User Name: Aline
~ All Users Names: Mamãe, HomeGroupUser$, Giulia, Convidado, Aline, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator
---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Aline\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Aline\AppData\Roaming\
~ %Desktop% : C:\Users\Aline\Desktop\
~ %Favorites% : C:\Users\Aline\Favorites\
~ %LocalAppData% : C:\Users\Aline\AppData\Local\
~ %StartMenu% : C:\Users\Aline\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 68 Go of 149 Go)
D: CD-ROM drive (Not Inserted)
---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
~ Security Center: 46 Legitimates Filtered in 00mn 00s
---\\ Pesquisa particular de ficheiros genéricos
[MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Windows Explorer.) (.25/02/2011 - 02:30:54.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.E4E829EE073E046B0EB19B5FECB19B8C] - (.Microsoft Corporation - Internet Extensions para Win32.) (.06/03/2014 - 02:41:49.) -- C:\Windows\System32\wininet.dll [1789440]
[MD5.998507B046BA314CE8245364C686FA67] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.04/03/2014 - 06:17:02.) -- C:\Windows\System32\Winlogon.exe [304128]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.20/11/2010 - 09:21:24.) -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.F81BB7E487EDCEAB630A7EE66CF23913] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.13/09/2013 - 21:48:58.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 05:38:10.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 05:42:32.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 06:59:29.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 20:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.26/04/2011 - 23:17:22.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 05:39:44.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.C8DFF8D07755A66C7A4A738930F0FEAC] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.23/01/2014 - 23:18:22.) -- C:\Windows\system32\Drivers\ntfs.sys [1212352]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 20:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 20:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.B973FCFC50DC1434E1970A146F7E3885] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 07:24:46.) -- C:\Windows\system32\Drivers\rdpdr.sys [133632]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 20:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 05:39:17.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.20/11/2010 - 09:30:16.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
~ Generic Processes: Scanned in 00mn 01s
---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 2/522
~ Mes musiques (My Musics) : 153/697
~ Mes Videos (My Videos) : 14/69
~ Mes Favoris (My Favorites) : 1/22
~ Mes Documents (My Documents) : 2/25
~ Mon Bureau (My Desktop) : 10/347
~ Menu demarrer (Programs) : 1/33
~ Hidden Files: Scanned in 00mn 08s
---\\ Processos lançados
[MD5.B99C37364701D19F2B5C0A0E1ECCDB80] - (.GAS Tecnologia - G-Buster Browser Defense - Service.) -- C:\Program Files\GbPlugin\gbpsv.exe [519720] [PID.772]
[MD5.1EE3643D1AA747222427F63353611AD7] - (.Microsoft Corporation - Antimalware Service Executable.) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216] [PID.932]
[MD5.BEA8D0FA8805CC2E6BB49728166699C7] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344] [PID.1580]
[MD5.B362181ED3771DC03B4141927C80F801] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [65432] [PID.1804]
[MD5.44CEAFF41EDE4297F30913DDF80D17C1] - (.Apache Software Foundation - Apache HTTP Server.) -- C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe [20549] [PID.1828]
[MD5.72551A9AE5F68905DFC3CBA0D5242566] - (.Microsoft Corporation - Updates Skype Click to Call.) -- C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720] [PID.1856]
[MD5.6B669A00A431FF6CDCE67458933F5F0F] - (.Microsoft Corporation - Phone Number Recognition (PNR) module.) -- C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992] [PID.1892]
[MD5.8C707EF32463DCAE31CE8549E6F65E66] - (...) -- C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe [10900480] [PID.428]
[MD5.F115AF58ABE5605D7D709CBFBD83F418] - (.No owner - nTitles PSIService.) -- C:\Windows\system32\PSIService.exe [177704] [PID.2232]
[MD5.A0FF419B61AE47E26ADF3BB15DB4F2FE] - (...) -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [38608] [PID.2284]
[MD5.687C6930244387AA5E479B16DEFE4175] - (. Beijing WatchData System Co., Ltd. - WatchSAFE Background v3.4.) -- C:\Windows\System32\WatchData\Watchdata Brazil CSP v1.0\BBCertM32.exe [59440] [PID.2852]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336] [PID.2776]
[MD5.4BFA1849DC7AA3CB99C160D9EB96C67B] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [3854640] [PID.2616]
[MD5.5D61BE7DB55B026A5D61A3EED09D0EAD] - (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408] [PID.3512] =>Toolbar.Google
[MD5.F11C101AA20E5FFC388E62958B90FF38] - (.Apache Software Foundation - Apache HTTP Server Monitor.) -- C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe [41051] [PID.3644]
[MD5.1BBBF640BC0E0B750537BAECE8D66C18] - (.Nero AG - NeroUpdate.) -- C:\Program Files\Nero\Update\NASvc.exe [641832] [PID.2588]
[MD5.7DCE7A74764EB7C67D21A32BC579453D] - (.Oracle Corporation - Java(TM) Update Checker.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe [507264] [PID.5352]
[MD5.36C727491F1F934EF3CAEE686C946DE5] - (.Adobe Systems Incorporated - AAM Updates Notifier Application.) -- C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe [296392] [PID.4476]
[MD5.C948AC73822CA662CF44185B909EA18B] - (.Microsoft Corporation - Microsoft Office Document Cache.) -- C:\Program Files\Microsoft Office\Office14\MSOSYNC.exe [720064] [PID.208]
[MD5.345B1798395CEA9C178AFF1784FA2A37] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [841032] [PID.2484]
[MD5.1F0D27B7142CDEA3FBEC7A7DE56D3D1B] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [7877120] [PID.5788]
[MD5.CF87A1DE791347E75B98885214CED2B8] - (.Microsoft Corporation - Serviço da Plataforma de Proteção de Softwa.) -- C:\Windows\system32\sppsvc.exe [3179520] [PID.1016]
~ Processes Running: Scanned in 00mn 03s
---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Aline\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 15 Legitimates Filtered in 00mn 02s
---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
C:\Users\Aline\AppData\Roaming\Mozilla\Firefox\Profiles\177jdijm.default\prefs.js
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/abn] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\Aline\AppData\Local\GAS Tecnologia\GBBD\npsf_abn.dll
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/bb] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\Aline\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll
~ Firefox Browser: 28 Legitimates Filtered in 00mn 01s
---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.GAS Tecnologia - Internet Banking Helper.) (No version) -- (.not file.)
~ IE Browser: 11 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21
---\\ Browser Helper Objects do navegador (02)
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} . (.Banco do Brasil - Gbieh Module.) -- C:\PROGRAM FILES\GBPLUGIN\gbieh.dll
O2 - BHO: G-Buster Browser Defense Banco Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} . (.Banco Real - Gbieh Module.) -- C:\Program Files\GbPlugin\gbiehabn.dll
~ BHO: 28 Legitimates Filtered in 00mn 01s
---\\ Barras do Internet Explorer (03))
O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll =>Toolbar.Google
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Chave orfã
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{47833539-D0C5-4125-9FA8-0819E2EAAC93} Chave orfã
~ Toolbar: Scanned in 00mn 00s
---\\ Outras conexões do utilizador (04)
O4 - GS\QuickLaunch [Giulia]: hao123.lnk . (...) -- C:\Users\Aline\AppData\Roaming\baidu\hao123-br\hao123.1.0.0.1101.exe (.not file.) =>Adware.BDSearch
O4 - GS\QuickLaunch [Aline]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Program Files\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Global Startup: 2 Legitimates Filtered in 00mn 42s
---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [MSC] . (.Microsoft Corporation - Microsoft Security Client User Interface.) -- c:\Program Files\Microsoft Security Client\msseces.exe
O4 - HKLM\..\Run: [AnySend Updater] C:\Program Files\AnySend\AnySendUpdater.exe (.not file.)
O4 - HKLM\..\Run: [ROC_roc_ssl_v12] C:\Program Files\AVG Secure Search\ROC_roc_ssl_v12.exe (.not file.) =>Toolbar.AVGSearch
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] . (.Adobe Systems Incorporated - Adobe Updater Startup Utility.) -- C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] . (.Adobe Systems Incorporated - Adobe CS5 Service Manager.) -- C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
O4 - HKLM\..\Run: [SwitchBoard] . (.Adobe Systems Incorporated - SwitchBoard Server (32 bit).) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [wdbraz_certm] . (. Beijing WatchData System Co., Ltd. - WatchSAFE Background v3.4.) -- C:\Windows\System32\WatchData\Watchdata Brazil CSP v1.0\BBCertM32.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKLM\..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (.not file.)
O4 - HKCU\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe =>Toolbar.Google
O4 - HKCU\..\Run: [OfficeSyncProcess] . (.Microsoft Corporation - Microsoft Office Document Cache.) -- C:\Program Files\Microsoft Office\Office14\MSOSYNC.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-1471754635-3302239287-417469607-1000\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe =>Toolbar.Google
O4 - HKUS\S-1-5-21-1471754635-3302239287-417469607-1000\..\Run: [OfficeSyncProcess] . (.Microsoft Corporation - Microsoft Office Document Cache.) -- C:\Program Files\Microsoft Office\Office14\MSOSYNC.exe
~ Application: Scanned in 00mn 00s
---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} . (.Microsoft Corporation - Windows Live Messenger Companion core resources.) -- C:\Program Files\Windows Live\Companion\companionres.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.Microsoft Corporation - Windows Live Writer Blog This Extension.) -- C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~2\Office14\ONBttnIE.dll =>.Microsoft Corporation
O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} -- C:\Program Files\AVG\AVG2012\avgdtiex.dll (.not file.)
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~2\Office14\ONBTTN~1.dll =>.Microsoft Corporation
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- C:\Program Files\Skype\Toolbars\Internet Explorer\icon.ico
O9 - Extra button: Exibir ou ocultar HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} . (.Hewlett-Packard Co. - HP Smart Web Printing add-on for Internet Explorer.) -- C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
~ IE Extra Buttons: Scanned in 00mn 00s
---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bancobrasil.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] http.bancoreal.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] http.bancosantander.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bb.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] http.santander.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] http.santanderempresarial.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.santandernet.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.santandernetibe.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.secureweb.com.br
~ IE Zone Confiance: Scanned in 00mn 00s
---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{3BDB0DE0-3F99-444C-9367-30D665A80EBB}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{A1176648-0D85-4C71-87DD-E66320287DF4}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{A1176648-0D85-4C71-87DD-E66320287DF4}: DhcpDomain = spo.virtua.com.br
O17 - HKLM\System\CS1\Services\Tcpip\..\{3BDB0DE0-3F99-444C-9367-30D665A80EBB}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{A1176648-0D85-4C71-87DD-E66320287DF4}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{A1176648-0D85-4C71-87DD-E66320287DF4}: DhcpDomain = spo.virtua.com.br
O17 - HKLM\System\CS2\Services\Tcpip\..\{3BDB0DE0-3F99-444C-9367-30D665A80EBB}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{A1176648-0D85-4C71-87DD-E66320287DF4}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{A1176648-0D85-4C71-87DD-E66320287DF4}: DhcpDomain = spo.virtua.com.br
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
~ Domain: Scanned in 00mn 00s
---\\ Protocolo adicional (018)
O18 - Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (.Microsoft Corporation - Windows Live Album Download Protocol Handle.) -- C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: GbPluginAbn . (.Banco Real - Gbieh Module.) -- C:\Program Files\GbPlugin\gbiehAbn.dll
O20 - Winlogon Notify: GbPluginBb . (.Banco do Brasil - Gbieh Module.) -- C:\Program Files\GbPlugin\gbieh.dll
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s
---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: AVGIDSAgent (AVGIDSAgent) . (...) - C:\Program Files\AVG\AVG2012\avgidsagent.exe (.not file.)
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files\GbPlugin\gbpsv.exe
O23 - Service: KMService (KMService) . (...) - C:\Windows\system32\srvany.exe =>Hijacker.Office
O23 - Service: MySQL56 (MySQL56) . (...) - C:\ProgramData\MySQL\MySQL Server 5.6\my.ini
~ Services: 12 Legitimates Filtered in 00mn 25s
---\\ Tarefas planificadas automaticamente (039)
[MD5.00000000000000000000000000000000] [APT] [{05A55A91-EB5A-4D88-86BC-9ADBDEE1A2A5}] (...) -- C:\Users\Aline\Downloads\B2CAppSetup (1).exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{0B1E984E-6450-42F2-8DE4-F1064355EE1F}] (...) -- C:\Users\Aline\Downloads\bankerfix.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{3E2467A3-2330-4738-BA4F-7993C1158BDC}] (...) -- C:\Users\Aline\Downloads\auxsetup_x86.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{73992451-FBBF-4DE4-91C5-CCAC0A34AFD6}] (...) -- C:\Users\Aline\Desktop\zoek.pif -d C:\Users\Aline\Desktop (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{78499667-0343-4A0A-A50D-6C5F546C68B1}] (...) -- D:\Install_Win\install.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{BE037BDF-18C3-4E4A-ACDE-E86613F13E56}] (...) -- C:\Users\Aline\Desktop\VirtualDub\auxsetup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{CEFEFDE2-032F-410E-8C84-F4B96A2078F9}] (...) -- C:\Users\Aline\Desktop\zoek.scr -d C:\Users\Aline\Desktop -c \S (.not file.) [0]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [902]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1471754635-3302239287-417469607-1001Core [906]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1471754635-3302239287-417469607-1001UA [928]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1050]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1054]
~ Scheduled Task: 44 Legitimates Filtered in 00mn 23s
---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (Ndisrd) . (.GAS Tecnologia - GAS Tecnologia - LWF Helper Driver.) - C:\Windows\System32\DRIVERS\gbpndisrdn.sys
~ Drivers: 75 Legitimates Filtered in 00mn 08s
---\\ Software instalados (042)
O42 - Logiciel: BB Token Admin Tool - (.Watchdata Technologies Pte., Ltd..) [HKLM] -- {95A34656-CD4A-45A0-BAB8-AB950EFCBEBF}
O42 - Logiciel: GBBD Banco do Brasil - (...) [HKCU] -- {36386dc9-8543-4b12-ae6b-220fd52f19f3}_is1
O42 - Logiciel: IRPF2014 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva - (.Receita Federal do Brasil.) [HKLM] -- IRPF2014
O42 - Logiciel: Módulo de Proteção Santander 3.2.0.2 - (...) [HKLM] -- {83033d93-48d0-48fc-9c5b-82e57e7e0dd6}_is1
O42 - Logiciel: Receitanet - (.Serpro - Serviço Federal de Processamento de Dados.) [HKLM] -- ECC16E3C-16D1-4DC2-9D8A-6AC06B3005A5
~ Logic: 20 Legitimates Filtered in 00mn 01s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\AutoHelpDesk]
[HKCU\Software\Baidu Security] =>Adware.BDSearch
[HKCU\Software\Baidu] =>Adware.BDSearch
[HKCU\Software\GbAs]
[HKLM\Software\360Safe] =>Trojan.Lozavita
[HKLM\Software\AutoHelpDesk]
[HKLM\Software\Baidu Security] =>Adware.BDSearch
[HKLM\Software\Baidu_Drp_pos] =>Adware.BDSearch
~ Key Software: 319 Legitimates Filtered in 00mn 01s
---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 24/01/2014 - 12:11:45 - [] ----D C:\Program Files\Baidu Security =>Adware.BDSearch
O43 - CFD: 07/10/2013 - 17:42:04 - [] ----D C:\Program Files\Brazil
O43 - CFD: 06/03/2014 - 09:25:13 - [] ----D C:\Program Files\Programas RFB
O43 - CFD: 14/04/2013 - 23:07:14 - [] ----D C:\Program Files\UnlockPhone
O43 - CFD: 11/08/2012 - 09:41:20 - [0] ----D C:\Program Files\v9Soft
O43 - CFD: 24/01/2014 - 12:09:49 - [] ----D C:\ProgramData\Baidu Security =>Adware.BDSearch
O43 - CFD: 05/05/2013 - 16:27:06 - [] ----D C:\Users\Aline\AppData\Roaming\Baidu Security =>Adware.BDSearch
O43 - CFD: 29/09/2013 - 16:50:07 - [] ----D C:\Users\Aline\AppData\Roaming\Elementary-Reprint
O43 - CFD: 04/07/2013 - 02:20:48 - [] ----D C:\Users\Aline\AppData\Roaming\Elementary-Reprint.F58001C6A320BE09FB6D7E092A4A96AA9BF1591A.1
~ Program Folder: 237 Legitimates Filtered in 00mn 04s
---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.0DC5AF80D059DEC792B665ED598C6567] - 12/05/2014 - 22:23:52 ---A- . (.SQLite Development Team - SQLite Dynamic Link Library (No TCL).) -- C:\Windows\System32\sqlite3.dll [536576]
O44 - LFC:[MD5.3F4C462EAA0D94D2B7428F2AE41C2D8A] - 12/05/2014 - 23:13:35 ---A- . (...) -- C:\DelFix.txt [743]
O44 - LFC:[MD5.00187AA2D82BBB30BF2FCB6E3A423F7B] - 13/05/2014 - 20:02:59 ---A- . (...) -- C:\Windows\AutoKMS.log [282379] =>Trojan.Keygen
O44 - LFC:[MD5.83BDAC99D6B94BC2F1BF5851B7C7792A] - 13/05/2014 - 22:41:02 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [148676]
O44 - LFC:[MD5.CE87700FFC13AF03C110C2C2A4C5080E] - 13/05/2014 - 22:41:02 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [709186]
O44 - LFC:[MD5.F7EC875F6DF1BC9E505B66E27C9E6D17] - 14/05/2014 - 07:04:19 ---A- . (...) -- C:\zoek-results.log [33890]
O44 - LFC:[MD5.B7CC2AF3D5604EFDC5F82AF7A5B21FB1] - 17/05/2014 - 09:23:49 ---A- . (.GbPlugin NDIS Device Driver - GbPlugin NDIS Device Driver.) -- C:\Windows\System32\Drivers\gbpndisrd.sys [31088]
~ Files: 53 Legitimates Filtered in 01mn 23s
---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399007} - C:\Program Files\GbPlugin\gbiehabn.dll
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\PROGRAM FILES\GBPLUGIN\gbieh.dll
~ ShellExecuteHooks: Scanned in 00mn 00s
---\\ Chave do registo Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{05039c9b-6e5e-11e2-9d1b-002511c036fc}\AutoRun\command. (...) -- E:\iLinker.exe (.not file.)
O51 - MPSK:{db2c6d9d-8a3c-11e2-aa99-002511c036fc}\AutoRun\command. (...) -- F:\ZTE_Handset_USB_DriverV5.2066.1.8.exe (.not file.)
O51 - MPSK:{f44a3344-2c2c-11e1-bc87-002511c036fc}\AutoRun\command. (...) -- F:\Autorun.exe (.not file.)
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa de infeções nos drivers (HKLM)(TDSD) (O52)
O52 - TDSD: \Drivers32\"vidc.IV32"="ir32.dll" . (...) -- C:\Windows\System32\ir32.dll
~ TDSD: 8 Legitimates Filtered in 00mn 00s
---\\ Enumeração das chaves do registo StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\uTorrent [Key] . (.BitTorrent Inc. - µTorrent.) -- C:\Program Files\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ SMSR Keys: 10 Legitimates Filtered in 00mn 00s
---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s
---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:31/05/2012 - 21:21:04 R--A- . (.360.cn - 360FileOem.) -- C:\Windows\System32\Drivers\360FileOem.sys [146304]
O58 - SDL:31/05/2012 - 21:21:04 R--A- . (.360安全中心 - 360HookOem.) -- C:\Windows\System32\Drivers\360HookOem.sys [54912]
O58 - SDL:31/05/2012 - 21:21:04 R--A- . (.360安全中心 - 360RegOem.) -- C:\Windows\System32\Drivers\360RegOem.sys [23168]
O58 - SDL:30/03/2014 - 17:37:32 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [49944] =>.ALWIL Software
O58 - SDL:30/03/2014 - 17:37:32 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [180760] =>.ALWIL Software
O58 - SDL:18/04/2003 - 12:15:56 ---A- . (.Accapella Ltd. - USB Driver for Digital Camera.) -- C:\Windows\System32\Drivers\CoachUsb.sys [46368]
O58 - SDL:25/01/2003 - 00:12:20 ---A- . (.Accapella Ltd. - Video Capture Minidriver for Digital Camera.) -- C:\Windows\System32\Drivers\CoachVc.sys [46048]
O58 - SDL:13/07/2009 - 22:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712]
O58 - SDL:23/08/2013 - 13:34:54 ---A- . (.GAS Tecnologia - GbPlugin Device Driver.) -- C:\Windows\System32\Drivers\gbpkm.sys [46392]
O58 - SDL:17/05/2014 - 09:23:49 ---A- . (.GbPlugin NDIS Device Driver - GbPlugin NDIS Device Driver.) -- C:\Windows\System32\Drivers\gbpndisrd.sys [31088]
O58 - SDL:07/03/2014 - 20:23:26 ---A- . (.GAS Tecnologia - GAS Tecnologia - LWF Helper Driver.) -- C:\Windows\System32\Drivers\gbpndisrdn.sys [29400]
O58 - SDL:13/07/2009 - 19:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624]
O58 - SDL:13/07/2009 - 22:19:04 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072]
O58 - SDL:13/07/2009 - 18:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:20/10/2012 - 22:07:59 RSHA- . (...) -- C:\Windows\System32\CA4277406B.sys [88]
O58 - SDL:13/07/2009 - 18:40:44 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:13/07/2009 - 18:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:20/10/2012 - 22:07:59 -SHA- . (...) -- C:\Windows\System32\KGyGaAvL.sys [2516]
O58 - SDL:13/07/2009 - 18:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:13/07/2009 - 18:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:13/07/2009 - 18:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:13/07/2009 - 18:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:13/07/2009 - 18:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:13/07/2009 - 18:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:13/07/2009 - 18:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:13/07/2009 - 18:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 87 Legitimates Filtered in 00mn 06s
---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 31/05/2012 - C:\Windows\System32\drivers\360HookOem.sys (360HookOem) .(.360安全中心 - 360HookOem.) - LEGACY_360HOOKOEM
O64 - Services: CurCS - 23/08/2013 - C:\Windows\System32\drivers\gbpkm.sys (GbpKm) .(.GAS Tecnologia - GbPlugin Device Driver.) - LEGACY_GBPKM
~ Legacy: 163 Legitimates Filtered in 00mn 00s
---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html>
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s
---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet:
O68 - StartMenuInternet:
O68 - StartMenuInternet:
O68 - StartMenuInternet:
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {80c554b9-c7f8-4a21-9471-06d606da78a2} - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.C44A32F3A10F7EA019E198620FC46A17] [SPRF][08/06/2013] (...) -- C:\Users\Aline\AppData\Roaming\unins000.dat [12376]
[MD5.393009B9EC49AB69ED10597D54743BA3] [SPRF][03/01/2014] (...) -- C:\Users\Aline\AppData\Roaming\unins001.dat [25952]
~ Files: 2 Legitimates Filtered in 00mn 00s
---\\ Lista das exceções do FireWall (FirewallRules) (O87)
O87 - FAEL: "{75EC18D3-A83F-448E-9B42-D8A43A5DA834}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Program Files\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{38B1B151-AEB7-4E5D-8C3E-E3652266E827}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Program Files\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Firewall: 2 Legitimates Filtered in 00mn 05s
---\\ Pesquisa dos pacotes WindowsInstaller (WIS) (O93) (NTFS)
[MD5.8797F3592E055284D113FEAA21B71ED3] [WIS][27/08/2011] (.Google Inc. - Google Toolbar for Internet Explorer.) -- C:\Windows\Installer\e57aa.msi [28160] =>Toolbar.Google
~ WIS: 1 Legitimates Filtered in 00mn 11s
---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Microsoft\Tracing\biclient_RASAPI32 =>Adware.MegaSearch
HKLM\SOFTWARE\Microsoft\Tracing\biclient_RASMANCS =>Adware.MegaSearch
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarInstaller_en32_signed_RASAPI32 =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarInstaller_en32_signed_RASMANCS =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarInstaller_updater_signed_RASAPI32 =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarInstaller_updater_signed_RASMANCS =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarNotifier_RASAPI32 =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarNotifier_RASMANCS =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\imbooster_RASAPI32 =>Adware.IMBooster
HKLM\SOFTWARE\Microsoft\Tracing\imbooster_RASMANCS =>Adware.IMBooster
HKLM\SOFTWARE\Microsoft\Tracing\utorrent_RASAPI32 =>P2P.µTorrent
HKLM\SOFTWARE\Microsoft\Tracing\utorrent_RASMANCS =>P2P.µTorrent
~ BTK: 407 Legitimates Filtered in 00mn 00s
---\\ Search CLSID Registry Key (O101)
[HKCR\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}] (Google Toolbar) =>Toolbar.Google
[HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}] (Google Toolbar Helper) =>Toolbar.Google
~ BCK: 6835 Legitimates Filtered in 00mn 16s
---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 13/05/2014 257712 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 10/07/1658 0 | (AVGIDSAgent) . (...) - C:\Program Files\AVG\AVG2012\avgidsagent.exe
SS - | Auto 27/08/2011 136176 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 27/08/2011 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 22/08/2012 194032 | (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Auto 24/09/2011 8192 | (KMService) . (...) - C:\Windows\system32\srvany.exe =>Hijacker.Office
SS - | Auto 03/04/2014 857912 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
SS - | Auto 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SS - | Demand 04/02/2013 155824 | (Sony PC Companion) . (.Avanquest Software.) - C:\Program Files\Sony\Sony PC Companion\PCCService.exe
SS - | Demand 19/02/2010 517096 | (SwitchBoard) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
SS - | Demand 13/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 18/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 09/09/2011 20549 | (Apache2.2) . (.Apache Software Foundation.) - C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
SR - | Auto 30/03/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 21/02/2014 519720 | (GbpSv) . (.GAS Tecnologia.) - C:\Program Files\GbPlugin\gbpsv.exe
SR - | Demand 13/07/2009 20992 | C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll (hpqcxs08) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 20992 | C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll (hpqddsvc) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 11/03/2014 22216 | (MsMpSvc) . (.Microsoft Corporation.) - c:\Program Files\Microsoft Security Client\MsMpEng.exe
SR - | Auto 22/04/2013 14243 | (MySQL56) . (...) - C:\ProgramData\MySQL\MySQL Server 5.6\my.ini
SR - | Auto 23/09/2011 641832 | (NAUpdate) . (.Nero AG.) - C:\Program Files\Nero\Update\NASvc.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 05/06/2007 177704 | (ProtexisLicensing) . (...) - C:\Windows\system32\PSIService.exe
SR - | Auto 29/11/2012 38608 | (RealNetworks Downloader Resolver Service) . (...) - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 20s
---\\ Scâner Aditional (088)
Database Version : 13045 - (17/05/2014)
Clés trouvées (Keys found) : 3
Valeurs trouvées (Values found) : 3
Dossiers trouvés (Folders found) : 4
Fichiers trouvés (Files found) : 8
[HKLM\SYSTEM\CurrentControlSet\Services\KMService] =>Hijacker.Office^
[HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\uTorrent] =>P2P.BitTorrent^
[HKLM\Software\360Safe] =>Trojan.Lozavita
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{2318C2B1-4965-11d4-9B18-009027A5CD4F} =>Toolbar.Google^
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:ROC_roc_ssl_v12 =>Toolbar.AVGSearch^
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:swg =>Toolbar.Google^
C:\Program Files\Baidu Security =>Adware.BDSearch^
C:\ProgramData\Baidu Security =>Adware.BDSearch^
C:\Users\Aline\AppData\Roaming\Baidu Security =>Adware.BDSearch^
C:\Program Files\V9Soft =>PUP.V9Software
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe =>Toolbar.Google^
[HKCU\Software\Baidu Security] =>Adware.BDSearch^
[HKCU\Software\Baidu] =>Adware.BDSearch^
[HKLM\Software\Baidu Security] =>Adware.BDSearch^
[HKLM\Software\Baidu_Drp_pos] =>Adware.BDSearch^
C:\Windows\Installer\e57aa.msi =>Toolbar.Google^
[HKCR\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}] (Google Toolbar) =>Toolbar.Google^
[HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}] (Google Toolbar Helper) =>Toolbar.Google^
~ Additionnel Scan: 343015 Items scanned in 02mn 19s
---\\ Sumário das deteções encontradas na sua estação
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.BDSearch
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Hijacker.Office
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Trojan.Lozavita
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.MegaSearch
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.IMBooster
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.V9Software
~ MSI: 6 link(s) detected in 00mn 00s
~ 1039 Legitimates filtered by white list
End of the scan (603 lines in 07mn 19s)(0)
Aline Angélica- Iniciante
- Mensagens : 16
Reputação : 0
Data de inscrição : 11/03/2014
Idade : 32
Re: Erro Ativação do Firewall
por Power Max Sáb 17 maio 2014, 20:07
Há programas desnecessários iniciando junto com o Windows, o que torna o seu PC mais lento. Para corrigir isto, siga as dicas deste tutorial:[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
De preferência deixe apenas os programas de segurança (anti-vírus/anti-spywares/firewall) iniciarem junto com o Windows.
Use também o programa Ccleaner, indicado neste tutorial acima, para fazer uma limpeza e otimização do PC agora e de tempos em tempos.
__________________________________________________________________________________________________________
No seu PC estão constando vários antivirus instalados, tais como o AVG, Avast... É muito importante você ter apenas um antivírus no seu computador, pois mais de um antivírus pode gerar conflito entre eles e prejudicar o funcionamento de seu PC. Veja mais informações sobre esta questão nesta matéria abaixo:Por que não se deve utilizar dois ou mais antivírus?
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
__________________________________________________________________________________________________________
Acesse o site [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] e envie este arquivo destacado em azul abaixo para ser analisado:C:\Windows\System32\CA4277406B.sys
Assim que a análise dele for concluída, copie o link que aparecerá na barra de endereços de seu navegador e poste este link em sua próxima resposta juntamente com os outros logs pedidos nesta postagem.
Maiores informações de como analisar arquivos no site Virus Total você encontra neste tutorial:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
_________________________________________________________________________________________________________
Selecione e copie todo o texto destacado em vermelho que te passei._____________________________________________________________________________________________________________
Vá no menu: Iniciar > Todos os programas > ZHP > Clique com o botão direito do mouse sobre o Zhpfix e escolha a opção de Executar como administrador > Clique em Importação > Clique no botão GO > Clique em Oui > Caso queira que os arquivos da lixeira sejam excluídos clique em Oui novamente > Um relatório aparecerá no bloco de notas. Copie este relatório e poste em sua próxima resposta juntamente com o link da análise do arquivo no site Virus Total.
Última edição por Power Max em Seg 19 maio 2014, 23:35, editado 1 vez(es)
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Log ZHP Fix - Virus Total
por Aline Angélica Sáb 17 maio 2014, 21:27
Max,
Na lista de programas do meu computador, só aparece o AVAST como antivirus, não consigo desinstalar os outros, tem uma ideia do por quê?
Seguem os logs:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Rapport de ZHPFix 2014.4.13.3 par Nicolas Coolman, Update du 13/04/2014
Fichier d'export Registre :
Run by Aline at 17/05/2014 21:25:12
High Elevated Privileges : OK
Windows 7 Ultimate Edition, 32-bit Service Pack 1 (Build 7601)
Reciclagem vazia (00mn 05s)
Reparação de atalhos do navegador
========== Chaves do Registo ==========
ELIMINÉ: CLSID Extra Buttons: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16}
ELIMINÉ: [HKLM\SOFTWARE\Classes\CLSID\{68BCFFE1-A2DA-4B40-9068-87ECBFC19D16}]
ELIMINÉ: Service: AVGIDSAgent
ELIMINÉ: HKCU\Software\Baidu Security
ELIMINÉ: HKCU\Software\Baidu
ELIMINÉ: HKLM\Software\360Safe
ELIMINÉ: HKLM\Software\Baidu Security
ELIMINÉ: HKLM\Software\Baidu_Drp_pos
ELIMINÉ CLSID MPSK: {05039c9b-6e5e-11e2-9d1b-002511c036fc}
ELIMINÉ CLSID MPSK: {db2c6d9d-8a3c-11e2-aa99-002511c036fc}
ELIMINÉ CLSID MPSK: {f44a3344-2c2c-11e1-bc87-002511c036fc}
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\biclient_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\biclient_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\imbooster_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\imbooster_RASMANCS
========== Valores do Registo ==========
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value
========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia
========== Ficheiros ==========
ELIMINÉ Temporários windows (7) (95.119 octets)
ELIMINÉ Flash Cookies (0) (0 octets)
========== Tarefa planificada ==========
ELIMINÉ: {05A55A91-EB5A-4D88-86BC-9ADBDEE1A2A5}
ELIMINÉ: {0B1E984E-6450-42F2-8DE4-F1064355EE1F}
ELIMINÉ: {3E2467A3-2330-4738-BA4F-7993C1158BDC}
ELIMINÉ: {73992451-FBBF-4DE4-91C5-CCAC0A34AFD6}
ELIMINÉ: {78499667-0343-4A0A-A50D-6C5F546C68B1}
ELIMINÉ: {BE037BDF-18C3-4E4A-ACDE-E86613F13E56}
ELIMINÉ: {CEFEFDE2-032F-410E-8C84-F4B96A2078F9}
========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso
========== Recapitulativo ==========
15 : Chaves do Registo
6 : Valores do Registo
1 : Pastas
2 : Ficheiros
7 : Tarefa planificada
1 : Restauração Sistema
End of clean in 02mn 57s
========== Caminho do ficheiro do relatório ==========
C:\Users\Aline\AppData\Roaming\ZHP\ZHPFix[R1].txt - 17/05/2014 21:25:17 [2293]
Na lista de programas do meu computador, só aparece o AVAST como antivirus, não consigo desinstalar os outros, tem uma ideia do por quê?
Seguem os logs:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Rapport de ZHPFix 2014.4.13.3 par Nicolas Coolman, Update du 13/04/2014
Fichier d'export Registre :
Run by Aline at 17/05/2014 21:25:12
High Elevated Privileges : OK
Windows 7 Ultimate Edition, 32-bit Service Pack 1 (Build 7601)
Reciclagem vazia (00mn 05s)
Reparação de atalhos do navegador
========== Chaves do Registo ==========
ELIMINÉ: CLSID Extra Buttons: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16}
ELIMINÉ: [HKLM\SOFTWARE\Classes\CLSID\{68BCFFE1-A2DA-4B40-9068-87ECBFC19D16}]
ELIMINÉ: Service: AVGIDSAgent
ELIMINÉ: HKCU\Software\Baidu Security
ELIMINÉ: HKCU\Software\Baidu
ELIMINÉ: HKLM\Software\360Safe
ELIMINÉ: HKLM\Software\Baidu Security
ELIMINÉ: HKLM\Software\Baidu_Drp_pos
ELIMINÉ CLSID MPSK: {05039c9b-6e5e-11e2-9d1b-002511c036fc}
ELIMINÉ CLSID MPSK: {db2c6d9d-8a3c-11e2-aa99-002511c036fc}
ELIMINÉ CLSID MPSK: {f44a3344-2c2c-11e1-bc87-002511c036fc}
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\biclient_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\biclient_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\imbooster_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\imbooster_RASMANCS
========== Valores do Registo ==========
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value
========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia
========== Ficheiros ==========
ELIMINÉ Temporários windows (7) (95.119 octets)
ELIMINÉ Flash Cookies (0) (0 octets)
========== Tarefa planificada ==========
ELIMINÉ: {05A55A91-EB5A-4D88-86BC-9ADBDEE1A2A5}
ELIMINÉ: {0B1E984E-6450-42F2-8DE4-F1064355EE1F}
ELIMINÉ: {3E2467A3-2330-4738-BA4F-7993C1158BDC}
ELIMINÉ: {73992451-FBBF-4DE4-91C5-CCAC0A34AFD6}
ELIMINÉ: {78499667-0343-4A0A-A50D-6C5F546C68B1}
ELIMINÉ: {BE037BDF-18C3-4E4A-ACDE-E86613F13E56}
ELIMINÉ: {CEFEFDE2-032F-410E-8C84-F4B96A2078F9}
========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso
========== Recapitulativo ==========
15 : Chaves do Registo
6 : Valores do Registo
1 : Pastas
2 : Ficheiros
7 : Tarefa planificada
1 : Restauração Sistema
End of clean in 02mn 57s
========== Caminho do ficheiro do relatório ==========
C:\Users\Aline\AppData\Roaming\ZHP\ZHPFix[R1].txt - 17/05/2014 21:25:17 [2293]
Aline Angélica- Iniciante
- Mensagens : 16
Reputação : 0
Data de inscrição : 11/03/2014
Idade : 32
Re: Erro Ativação do Firewall
por Power Max Sáb 17 maio 2014, 21:34
Na lista de programas do meu computador, só aparece o AVAST como antivirus, não consigo desinstalar os outros, tem uma ideia do por quê?
Use estes dois desinstaladores para remover os antivirus que estão sobrando no seu PC:[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
_______________________________________________________________________
Depois de usar os dois desinstaladores acima abra novamente o ( ZHPDiag )[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
|- Clique "SEARCH" ou "PESQUISAR" e aguarde a conclusão.
[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
|- Clique OK e, ao concluir, poste o relatório ZHPDiag.txt
[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Log ZHP
por Aline Angélica Seg 19 maio 2014, 23:33
Max, o primeiro desinstalador funcionou, mas o do AVG fica dando erro... Aí, não sei o que aconteceu o computador desligou com tudo e não ligava mais, e quando reiniciou pediu para restaurar, eu aceitei. Então, não sei se vou ter que fazer os procedimentos todos de novo. Se tiver, eu faço sem problemas.
~ Relatório do ZHPDiag v2014.5.19.69 - Nicolas Coolman (19/05/2014)
~ Iniciado por Aline (19/05/2014 23:22:23)
~ Endereço do Website : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Blog de análise de software : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Fóruns de suporte gratuito para desinfecção : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão :
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by user
---\\ Navegadores Internet
MSIE: Internet Explorer v11.0.9600.17107
GCIE: Google Chrome v34.0.1847.137 (Defaut)
---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Ultimate, 32-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Key Management Service client information : KO
Windows Automatic Updates : OK
Windows Activation Technologies : OK
---\\ Softwares de proteçao do sistema
avast! Free Antivirus v9.0.2016
AVG 2012 v12.0.2437
Malwarebytes Anti-Malware versão 2.0.1.1004
Microsoft Security Client PT-BR Language Pack v2.1.1116.0
Norton Internet Security v19.1.0.28
Windows Defender W7
---\\ Softwares d'optimização do sistema
CCleaner v4.13
---\\ Softwares de partilha do PeerToPeer (P2P)
µTorrent v3.3.0.29625 =>P2P.µTorrent
---\\ Monitoramento dos softwares
Adobe Flash Player 13 Plugin
Adobe Reader X
Java 7 Update 51
---\\ Informações sobre o sistema
~ Processor: x86 Family 6 Model 15 Stepping 13, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2038 MB (45% free)
System Restore: Activé (Enable)
System drive C: has 70 GB (47%) free of 149 GB
---\\ Modo de conexão ao sistema
~ Computer Name: ALINE-PC
~ User Name: Aline
~ All Users Names: Mamãe, HomeGroupUser$, Giulia, Convidado, Aline, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator
---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Aline\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Aline\AppData\Roaming\
~ %Desktop% : C:\Users\Aline\Desktop\
~ %Favorites% : C:\Users\Aline\Favorites\
~ %LocalAppData% : C:\Users\Aline\AppData\Local\
~ %StartMenu% : C:\Users\Aline\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 70 Go of 149 Go)
D: CD-ROM drive (Not Inserted)
---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
~ Security Center: 46 Legitimates Filtered in 00mn 00s
---\\ Pesquisa particular de ficheiros genéricos
[MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Windows Explorer.) (.25/02/2011 - 02:30:54.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.E4E829EE073E046B0EB19B5FECB19B8C] - (.Microsoft Corporation - Internet Extensions para Win32.) (.06/03/2014 - 02:41:49.) -- C:\Windows\System32\wininet.dll [1789440]
[MD5.998507B046BA314CE8245364C686FA67] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.04/03/2014 - 06:17:02.) -- C:\Windows\System32\Winlogon.exe [304128]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.20/11/2010 - 09:21:24.) -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.F81BB7E487EDCEAB630A7EE66CF23913] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.13/09/2013 - 21:48:58.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 05:38:10.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 05:42:32.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 06:59:29.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 20:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.26/04/2011 - 23:17:22.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 05:39:44.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.C8DFF8D07755A66C7A4A738930F0FEAC] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.23/01/2014 - 23:18:22.) -- C:\Windows\system32\Drivers\ntfs.sys [1212352]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 20:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 20:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.B973FCFC50DC1434E1970A146F7E3885] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 07:24:46.) -- C:\Windows\system32\Drivers\rdpdr.sys [133632]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 20:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 05:39:17.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.20/11/2010 - 09:30:16.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
~ Generic Processes: Scanned in 00mn 00s
---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 2/522
~ Mes musiques (My Musics) : 153/697
~ Mes Videos (My Videos) : 14/69
~ Mes Favoris (My Favorites) : 1/22
~ Mes Documents (My Documents) : 2/25
~ Mon Bureau (My Desktop) : 10/406
~ Menu demarrer (Programs) : 1/33
~ Hidden Files: Scanned in 00mn 09s
---\\ Processos lançados
[MD5.B99C37364701D19F2B5C0A0E1ECCDB80] - (.GAS Tecnologia - G-Buster Browser Defense - Service.) -- C:\Program Files\GbPlugin\gbpsv.exe [519720] [PID.768]
[MD5.1EE3643D1AA747222427F63353611AD7] - (.Microsoft Corporation - Antimalware Service Executable.) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216] [PID.928]
[MD5.BEA8D0FA8805CC2E6BB49728166699C7] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344] [PID.1580]
[MD5.B362181ED3771DC03B4141927C80F801] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [65432] [PID.1800]
[MD5.44CEAFF41EDE4297F30913DDF80D17C1] - (.Apache Software Foundation - Apache HTTP Server.) -- C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe [20549] [PID.1824]
[MD5.72551A9AE5F68905DFC3CBA0D5242566] - (.Microsoft Corporation - Updates Skype Click to Call.) -- C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720] [PID.1852]
[MD5.6B669A00A431FF6CDCE67458933F5F0F] - (.Microsoft Corporation - Phone Number Recognition (PNR) module.) -- C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992] [PID.1888]
[MD5.8C707EF32463DCAE31CE8549E6F65E66] - (...) -- C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe [10900480] [PID.2376]
[MD5.F115AF58ABE5605D7D709CBFBD83F418] - (.No owner - nTitles PSIService.) -- C:\Windows\system32\PSIService.exe [177704] [PID.2544]
[MD5.A0FF419B61AE47E26ADF3BB15DB4F2FE] - (...) -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [38608] [PID.2616]
[MD5.1BBBF640BC0E0B750537BAECE8D66C18] - (.Nero AG - NeroUpdate.) -- C:\Program Files\Nero\Update\NASvc.exe [641832] [PID.3816]
[MD5.4BFA1849DC7AA3CB99C160D9EB96C67B] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [3854640] [PID.3748]
[MD5.345B1798395CEA9C178AFF1784FA2A37] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [841032] [PID.2664]
[MD5.322522D6FF36A539CAD732D182FA6D18] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [7878656] [PID.4904]
[MD5.CF87A1DE791347E75B98885214CED2B8] - (.Microsoft Corporation - Serviço da Plataforma de Proteção de Softwa.) -- C:\Windows\system32\sppsvc.exe [3179520] [PID.5212]
~ Processes Running: Scanned in 00mn 05s
---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Aline\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 15 Legitimates Filtered in 00mn 02s
---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
C:\Users\Aline\AppData\Roaming\Mozilla\Firefox\Profiles\177jdijm.default\prefs.js
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/abn] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\Aline\AppData\Local\GAS Tecnologia\GBBD\npsf_abn.dll
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/bb] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\Aline\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll
~ Firefox Browser: 28 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.GAS Tecnologia - Internet Banking Helper.) (No version) -- (.not file.)
~ IE Browser: 11 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21
---\\ Browser Helper Objects do navegador (02)
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} . (.Banco do Brasil - Gbieh Module.) -- C:\PROGRAM FILES\GBPLUGIN\gbieh.dll
O2 - BHO: G-Buster Browser Defense Banco Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} . (.Banco Real - Gbieh Module.) -- C:\Program Files\GbPlugin\gbiehabn.dll
~ BHO: 28 Legitimates Filtered in 00mn 01s
---\\ Barras do Internet Explorer (03))
O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll =>Toolbar.Google
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Chave orfã
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{47833539-D0C5-4125-9FA8-0819E2EAAC93} Chave orfã
~ Toolbar: Scanned in 00mn 00s
---\\ Outras conexões do utilizador (04)
O4 - GS\QuickLaunch [Aline]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Program Files\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Global Startup: 1 Legitimates Filtered in 00mn 21s
---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
~ Application: Scanned in 00mn 00s
---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} . (.Microsoft Corporation - Windows Live Messenger Companion core resources.) -- C:\Program Files\Windows Live\Companion\companionres.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.Microsoft Corporation - Windows Live Writer Blog This Extension.) -- C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~2\Office14\ONBttnIE.dll =>.Microsoft Corporation
O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} -- C:\Program Files\AVG\AVG2012\avgdtiex.dll (.not file.)
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~2\Office14\ONBTTN~1.dll =>.Microsoft Corporation
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- C:\Program Files\Skype\Toolbars\Internet Explorer\icon.ico
O9 - Extra button: Exibir ou ocultar HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} . (.Hewlett-Packard Co. - HP Smart Web Printing add-on for Internet Explorer.) -- C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
~ IE Extra Buttons: Scanned in 00mn 00s
---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bancobrasil.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] http.bancoreal.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] http.bancosantander.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bb.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] http.santander.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] http.santanderempresarial.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.santandernet.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.santandernetibe.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.secureweb.com.br
~ IE Zone Confiance: Scanned in 00mn 00s
---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{3BDB0DE0-3F99-444C-9367-30D665A80EBB}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{A1176648-0D85-4C71-87DD-E66320287DF4}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{A1176648-0D85-4C71-87DD-E66320287DF4}: DhcpDomain = spo.virtua.com.br
O17 - HKLM\System\CS1\Services\Tcpip\..\{3BDB0DE0-3F99-444C-9367-30D665A80EBB}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{A1176648-0D85-4C71-87DD-E66320287DF4}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{A1176648-0D85-4C71-87DD-E66320287DF4}: DhcpDomain = spo.virtua.com.br
O17 - HKLM\System\CS2\Services\Tcpip\..\{3BDB0DE0-3F99-444C-9367-30D665A80EBB}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{A1176648-0D85-4C71-87DD-E66320287DF4}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{A1176648-0D85-4C71-87DD-E66320287DF4}: DhcpDomain = spo.virtua.com.br
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
~ Domain: Scanned in 00mn 00s
---\\ Protocolo adicional (018)
O18 - Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (.Microsoft Corporation - Windows Live Album Download Protocol Handle.) -- C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: GbPluginAbn . (.Banco Real - Gbieh Module.) -- C:\Program Files\GbPlugin\gbiehAbn.dll
O20 - Winlogon Notify: GbPluginBb . (.Banco do Brasil - Gbieh Module.) -- C:\Program Files\GbPlugin\gbieh.dll
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s
---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: AVGIDSAgent (AVGIDSAgent) . (...) - C:\Program Files\AVG\AVG2012\avgidsagent.exe (.not file.)
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files\GbPlugin\gbpsv.exe
O23 - Service: KMService (KMService) . (...) - C:\Windows\system32\srvany.exe =>Hijacker.Office
O23 - Service: MySQL56 (MySQL56) . (...) - C:\ProgramData\MySQL\MySQL Server 5.6\my.ini
~ Services: 12 Legitimates Filtered in 00mn 10s
---\\ Tarefas planificadas automaticamente (039)
[MD5.00000000000000000000000000000000] [APT] [{05A55A91-EB5A-4D88-86BC-9ADBDEE1A2A5}] (...) -- C:\Users\Aline\Downloads\B2CAppSetup (1).exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{0B1E984E-6450-42F2-8DE4-F1064355EE1F}] (...) -- C:\Users\Aline\Downloads\bankerfix.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{3E2467A3-2330-4738-BA4F-7993C1158BDC}] (...) -- C:\Users\Aline\Downloads\auxsetup_x86.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{73992451-FBBF-4DE4-91C5-CCAC0A34AFD6}] (...) -- C:\Users\Aline\Desktop\zoek.pif -d C:\Users\Aline\Desktop (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{78499667-0343-4A0A-A50D-6C5F546C68B1}] (...) -- D:\Install_Win\install.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{BE037BDF-18C3-4E4A-ACDE-E86613F13E56}] (...) -- C:\Users\Aline\Desktop\VirtualDub\auxsetup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{CEFEFDE2-032F-410E-8C84-F4B96A2078F9}] (...) -- C:\Users\Aline\Desktop\zoek.scr -d C:\Users\Aline\Desktop -c \S (.not file.) [0]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [902]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1471754635-3302239287-417469607-1001Core [906]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1471754635-3302239287-417469607-1001UA [928]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1050]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1054]
~ Scheduled Task: 45 Legitimates Filtered in 00mn 09s
---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (Ndisrd) . (.GAS Tecnologia - GAS Tecnologia - LWF Helper Driver.) - C:\Windows\System32\DRIVERS\gbpndisrdn.sys
~ Drivers: 75 Legitimates Filtered in 00mn 00s
---\\ Software instalados (042)
O42 - Logiciel: BB Token Admin Tool - (.Watchdata Technologies Pte., Ltd..) [HKLM] -- {95A34656-CD4A-45A0-BAB8-AB950EFCBEBF}
O42 - Logiciel: GBBD Banco do Brasil - (...) [HKCU] -- {36386dc9-8543-4b12-ae6b-220fd52f19f3}_is1
O42 - Logiciel: IRPF2014 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva - (.Receita Federal do Brasil.) [HKLM] -- IRPF2014
O42 - Logiciel: Módulo de Proteção Santander 3.2.0.2 - (...) [HKLM] -- {83033d93-48d0-48fc-9c5b-82e57e7e0dd6}_is1
O42 - Logiciel: Receitanet - (.Serpro - Serviço Federal de Processamento de Dados.) [HKLM] -- ECC16E3C-16D1-4DC2-9D8A-6AC06B3005A5
~ Logic: 20 Legitimates Filtered in 00mn 01s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\AutoHelpDesk]
[HKCU\Software\Baidu Security]
[HKCU\Software\Baidu]
[HKCU\Software\GbAs]
[HKLM\Software\360Safe] =>Trojan.Lozavita
[HKLM\Software\AutoHelpDesk]
[HKLM\Software\Baidu Security]
[HKLM\Software\Baidu_Drp_pos]
~ Key Software: 323 Legitimates Filtered in 00mn 01s
---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 19/05/2014 - 16:22:40 - [] ----D C:\Program Files\Baidu Security
O43 - CFD: 07/10/2013 - 17:42:04 - [] ----D C:\Program Files\Brazil
O43 - CFD: 06/03/2014 - 09:25:13 - [] ----D C:\Program Files\Programas RFB
O43 - CFD: 14/04/2013 - 23:07:14 - [] ----D C:\Program Files\UnlockPhone
O43 - CFD: 19/05/2014 - 16:22:42 - [] ----D C:\Users\Aline\AppData\Roaming\Baidu Security
O43 - CFD: 29/09/2013 - 16:50:07 - [] ----D C:\Users\Aline\AppData\Roaming\Elementary-Reprint
O43 - CFD: 04/07/2013 - 02:20:48 - [] ----D C:\Users\Aline\AppData\Roaming\Elementary-Reprint.F58001C6A320BE09FB6D7E092A4A96AA9BF1591A.1
~ Program Folder: 236 Legitimates Filtered in 00mn 03s
---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.0DC5AF80D059DEC792B665ED598C6567] - 12/05/2014 - 22:23:52 ---A- . (.SQLite Development Team - SQLite Dynamic Link Library (No TCL).) -- C:\Windows\System32\sqlite3.dll [536576]
O44 - LFC:[MD5.3F4C462EAA0D94D2B7428F2AE41C2D8A] - 12/05/2014 - 23:13:35 ---A- . (...) -- C:\DelFix.txt [743]
O44 - LFC:[MD5.83BDAC99D6B94BC2F1BF5851B7C7792A] - 13/05/2014 - 22:41:02 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [148676]
O44 - LFC:[MD5.CE87700FFC13AF03C110C2C2A4C5080E] - 13/05/2014 - 22:41:02 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [709186]
O44 - LFC:[MD5.F7EC875F6DF1BC9E505B66E27C9E6D17] - 14/05/2014 - 07:04:19 ---A- . (...) -- C:\zoek-results.log [33890]
O44 - LFC:[MD5.B7CC2AF3D5604EFDC5F82AF7A5B21FB1] - 19/05/2014 - 22:59:03 ---A- . (.GbPlugin NDIS Device Driver - GbPlugin NDIS Device Driver.) -- C:\Windows\System32\Drivers\gbpndisrd.sys [31088]
~ Files: 52 Legitimates Filtered in 00mn 23s
---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399007} - C:\Program Files\GbPlugin\gbiehabn.dll
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\PROGRAM FILES\GBPLUGIN\gbieh.dll
~ ShellExecuteHooks: Scanned in 00mn 00s
---\\ Chave do registo Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{05039c9b-6e5e-11e2-9d1b-002511c036fc}\AutoRun\command. (...) -- E:\iLinker.exe (.not file.)
O51 - MPSK:{db2c6d9d-8a3c-11e2-aa99-002511c036fc}\AutoRun\command. (...) -- F:\ZTE_Handset_USB_DriverV5.2066.1.8.exe (.not file.)
O51 - MPSK:{f44a3344-2c2c-11e1-bc87-002511c036fc}\AutoRun\command. (...) -- F:\Autorun.exe (.not file.)
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa de infeções nos drivers (HKLM)(TDSD) (O52)
O52 - TDSD: \Drivers32\"vidc.IV32"="ir32.dll" . (...) -- C:\Windows\System32\ir32.dll
~ TDSD: 8 Legitimates Filtered in 00mn 00s
---\\ Enumeração das chaves do registo StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\AnySend Updater [Key] . (...) -- C:\Program Files\AnySend\AnySendUpdater.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\ROC_roc_ssl_v12 [Key] . (...) -- C:\Program Files\AVG Secure Search\ROC_roc_ssl_v12.exe (.not file.) =>Toolbar.AVGSearch
O53 - SMSR:HKLM\...\startupreg\uTorrent [Key] . (.BitTorrent Inc. - µTorrent.) -- C:\Program Files\uTorrent\uTorrent.exe =>P2P.BitTorrent
O53 - SMSR:HKLM\...\startupreg\wdbraz_certm [Key] . (. Beijing WatchData System Co., Ltd. - WatchSAFE Background v3.4.) -- C:\Windows\System32\WatchData\Watchdata Brazil CSP v1.0\BBCertM32.exe
~ SMSR Keys: 20 Legitimates Filtered in 00mn 01s
---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s
---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:31/05/2012 - 21:21:04 R--A- . (.360.cn - 360FileOem.) -- C:\Windows\System32\Drivers\360FileOem.sys [146304]
O58 - SDL:31/05/2012 - 21:21:04 R--A- . (.360安全中心 - 360HookOem.) -- C:\Windows\System32\Drivers\360HookOem.sys [54912]
O58 - SDL:31/05/2012 - 21:21:04 R--A- . (.360安全中心 - 360RegOem.) -- C:\Windows\System32\Drivers\360RegOem.sys [23168]
O58 - SDL:30/03/2014 - 17:37:32 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [49944] =>.ALWIL Software
O58 - SDL:30/03/2014 - 17:37:32 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [180760] =>.ALWIL Software
O58 - SDL:18/04/2003 - 12:15:56 ---A- . (.Accapella Ltd. - USB Driver for Digital Camera.) -- C:\Windows\System32\Drivers\CoachUsb.sys [46368]
O58 - SDL:25/01/2003 - 00:12:20 ---A- . (.Accapella Ltd. - Video Capture Minidriver for Digital Camera.) -- C:\Windows\System32\Drivers\CoachVc.sys [46048]
O58 - SDL:13/07/2009 - 22:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712]
O58 - SDL:23/08/2013 - 13:34:54 ---A- . (.GAS Tecnologia - GbPlugin Device Driver.) -- C:\Windows\System32\Drivers\gbpkm.sys [46392]
O58 - SDL:19/05/2014 - 22:59:03 ---A- . (.GbPlugin NDIS Device Driver - GbPlugin NDIS Device Driver.) -- C:\Windows\System32\Drivers\gbpndisrd.sys [31088]
O58 - SDL:07/03/2014 - 20:23:26 ---A- . (.GAS Tecnologia - GAS Tecnologia - LWF Helper Driver.) -- C:\Windows\System32\Drivers\gbpndisrdn.sys [29400]
O58 - SDL:13/07/2009 - 19:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624]
O58 - SDL:13/07/2009 - 22:19:04 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072]
O58 - SDL:13/07/2009 - 18:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:20/10/2012 - 22:07:59 RSHA- . (...) -- C:\Windows\System32\CA4277406B.sys [88]
O58 - SDL:13/07/2009 - 18:40:44 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:13/07/2009 - 18:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:20/10/2012 - 22:07:59 -SHA- . (...) -- C:\Windows\System32\KGyGaAvL.sys [2516]
O58 - SDL:13/07/2009 - 18:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:13/07/2009 - 18:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:13/07/2009 - 18:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:13/07/2009 - 18:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:13/07/2009 - 18:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:13/07/2009 - 18:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:13/07/2009 - 18:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:13/07/2009 - 18:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 87 Legitimates Filtered in 00mn 04s
---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 31/05/2012 - C:\Windows\System32\drivers\360HookOem.sys (360HookOem) .(.360安全中心 - 360HookOem.) - LEGACY_360HOOKOEM
O64 - Services: CurCS - 23/08/2013 - C:\Windows\System32\drivers\gbpkm.sys (GbpKm) .(.GAS Tecnologia - GbPlugin Device Driver.) - LEGACY_GBPKM
~ Legacy: 163 Legitimates Filtered in 00mn 00s
---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s
---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Users\Mamãe\AppData\Local\Google\Chrome\Application\chrome.exe (.not file.)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Users\Mamãe\AppData\Local\Google\Chrome\Application\chrome.exe (.not file.)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {80c554b9-c7f8-4a21-9471-06d606da78a2} - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.C44A32F3A10F7EA019E198620FC46A17] [SPRF][08/06/2013] (...) -- C:\Users\Aline\AppData\Roaming\unins000.dat [12376]
[MD5.393009B9EC49AB69ED10597D54743BA3] [SPRF][03/01/2014] (...) -- C:\Users\Aline\AppData\Roaming\unins001.dat [25952]
~ Files: 2 Legitimates Filtered in 00mn 00s
---\\ Lista das exceções do FireWall (FirewallRules) (O87)
O87 - FAEL: "{75EC18D3-A83F-448E-9B42-D8A43A5DA834}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Program Files\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{38B1B151-AEB7-4E5D-8C3E-E3652266E827}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Program Files\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Firewall: 2 Legitimates Filtered in 00mn 05s
---\\ Pesquisa dos pacotes WindowsInstaller (WIS) (O93) (NTFS)
[MD5.8797F3592E055284D113FEAA21B71ED3] [WIS][27/08/2011] (.Google Inc. - Google Toolbar for Internet Explorer.) -- C:\Windows\Installer\e57aa.msi [28160] =>Toolbar.Google
~ WIS: 1 Legitimates Filtered in 00mn 11s
---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Microsoft\Tracing\biclient_RASAPI32 =>Adware.MegaSearch
HKLM\SOFTWARE\Microsoft\Tracing\biclient_RASMANCS =>Adware.MegaSearch
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarInstaller_en32_signed_RASAPI32 =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarInstaller_en32_signed_RASMANCS =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarInstaller_updater_signed_RASAPI32 =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarInstaller_updater_signed_RASMANCS =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarNotifier_RASAPI32 =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarNotifier_RASMANCS =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\imbooster_RASAPI32 =>Adware.IMBooster
HKLM\SOFTWARE\Microsoft\Tracing\imbooster_RASMANCS =>Adware.IMBooster
HKLM\SOFTWARE\Microsoft\Tracing\utorrent_RASAPI32 =>P2P.µTorrent
HKLM\SOFTWARE\Microsoft\Tracing\utorrent_RASMANCS =>P2P.µTorrent
~ BTK: 407 Legitimates Filtered in 00mn 00s
---\\ Search CLSID Registry Key (O101)
[HKCR\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}] (Google Toolbar) =>Toolbar.Google
[HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}] (Google Toolbar Helper) =>Toolbar.Google
~ BCK: 6835 Legitimates Filtered in 00mn 20s
---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 13/05/2014 257712 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 10/07/1658 0 | (AVGIDSAgent) . (...) - C:\Program Files\AVG\AVG2012\avgidsagent.exe
SS - | Auto 27/08/2011 136176 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 27/08/2011 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 22/08/2012 194032 | (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Auto 24/09/2011 8192 | (KMService) . (...) - C:\Windows\system32\srvany.exe =>Hijacker.Office
SS - | Auto 03/04/2014 857912 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
SS - | Auto 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SS - | Demand 04/02/2013 155824 | (Sony PC Companion) . (.Avanquest Software.) - C:\Program Files\Sony\Sony PC Companion\PCCService.exe
SS - | Demand 19/02/2010 517096 | (SwitchBoard) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
SS - | Demand 13/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 18/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 09/09/2011 20549 | (Apache2.2) . (.Apache Software Foundation.) - C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
SR - | Auto 30/03/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 21/02/2014 519720 | (GbpSv) . (.GAS Tecnologia.) - C:\Program Files\GbPlugin\gbpsv.exe
SR - | Demand 13/07/2009 20992 | C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll (hpqcxs08) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 20992 | C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll (hpqddsvc) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 11/03/2014 22216 | (MsMpSvc) . (.Microsoft Corporation.) - c:\Program Files\Microsoft Security Client\MsMpEng.exe
SR - | Auto 22/04/2013 14243 | (MySQL56) . (...) - C:\ProgramData\MySQL\MySQL Server 5.6\my.ini
SR - | Auto 23/09/2011 641832 | (NAUpdate) . (.Nero AG.) - C:\Program Files\Nero\Update\NASvc.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 05/06/2007 177704 | (ProtexisLicensing) . (...) - C:\Windows\system32\PSIService.exe
SR - | Auto 29/11/2012 38608 | (RealNetworks Downloader Resolver Service) . (...) - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 23s
---\\ Scâner Aditional (088)
Database Version : 13029 - (19/05/2014)
Clés trouvées (Keys found) : 4
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 3
[HKLM\SYSTEM\CurrentControlSet\Services\KMService] =>Hijacker.Office^
[HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\ROC_roc_ssl_v12] =>Toolbar.AVGSearch^
[HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\uTorrent] =>P2P.BitTorrent^
[HKLM\Software\360Safe] =>Trojan.Lozavita
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{2318C2B1-4965-11d4-9B18-009027A5CD4F} =>Toolbar.Google^
C:\Windows\Installer\e57aa.msi =>Toolbar.Google^
[HKCR\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}] (Google Toolbar) =>Toolbar.Google^
[HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}] (Google Toolbar Helper) =>Toolbar.Google^
~ Additionnel Scan: 342241 Items scanned in 01mn 56s
---\\ Sumário das deteções encontradas na sua estação
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Hijacker.Office
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Trojan.Lozavita
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.MegaSearch
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.IMBooster
~ MSI: 4 link(s) detected in 00mn 00s
~ 1051 Legitimates filtered by white list
End of the scan (570 lines in 04mn 44s)(0)
~ Relatório do ZHPDiag v2014.5.19.69 - Nicolas Coolman (19/05/2014)
~ Iniciado por Aline (19/05/2014 23:22:23)
~ Endereço do Website : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Blog de análise de software : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Fóruns de suporte gratuito para desinfecção : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão :
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by user
---\\ Navegadores Internet
MSIE: Internet Explorer v11.0.9600.17107
GCIE: Google Chrome v34.0.1847.137 (Defaut)
---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Ultimate, 32-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Key Management Service client information : KO
Windows Automatic Updates : OK
Windows Activation Technologies : OK
---\\ Softwares de proteçao do sistema
avast! Free Antivirus v9.0.2016
AVG 2012 v12.0.2437
Malwarebytes Anti-Malware versão 2.0.1.1004
Microsoft Security Client PT-BR Language Pack v2.1.1116.0
Norton Internet Security v19.1.0.28
Windows Defender W7
---\\ Softwares d'optimização do sistema
CCleaner v4.13
---\\ Softwares de partilha do PeerToPeer (P2P)
µTorrent v3.3.0.29625 =>P2P.µTorrent
---\\ Monitoramento dos softwares
Adobe Flash Player 13 Plugin
Adobe Reader X
Java 7 Update 51
---\\ Informações sobre o sistema
~ Processor: x86 Family 6 Model 15 Stepping 13, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2038 MB (45% free)
System Restore: Activé (Enable)
System drive C: has 70 GB (47%) free of 149 GB
---\\ Modo de conexão ao sistema
~ Computer Name: ALINE-PC
~ User Name: Aline
~ All Users Names: Mamãe, HomeGroupUser$, Giulia, Convidado, Aline, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator
---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Aline\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Aline\AppData\Roaming\
~ %Desktop% : C:\Users\Aline\Desktop\
~ %Favorites% : C:\Users\Aline\Favorites\
~ %LocalAppData% : C:\Users\Aline\AppData\Local\
~ %StartMenu% : C:\Users\Aline\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 70 Go of 149 Go)
D: CD-ROM drive (Not Inserted)
---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
~ Security Center: 46 Legitimates Filtered in 00mn 00s
---\\ Pesquisa particular de ficheiros genéricos
[MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Windows Explorer.) (.25/02/2011 - 02:30:54.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.E4E829EE073E046B0EB19B5FECB19B8C] - (.Microsoft Corporation - Internet Extensions para Win32.) (.06/03/2014 - 02:41:49.) -- C:\Windows\System32\wininet.dll [1789440]
[MD5.998507B046BA314CE8245364C686FA67] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.04/03/2014 - 06:17:02.) -- C:\Windows\System32\Winlogon.exe [304128]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.20/11/2010 - 09:21:24.) -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.F81BB7E487EDCEAB630A7EE66CF23913] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.13/09/2013 - 21:48:58.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 05:38:10.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 05:42:32.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 06:59:29.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 20:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.26/04/2011 - 23:17:22.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 05:39:44.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.C8DFF8D07755A66C7A4A738930F0FEAC] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.23/01/2014 - 23:18:22.) -- C:\Windows\system32\Drivers\ntfs.sys [1212352]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 20:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 20:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.B973FCFC50DC1434E1970A146F7E3885] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 07:24:46.) -- C:\Windows\system32\Drivers\rdpdr.sys [133632]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 20:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 05:39:17.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.20/11/2010 - 09:30:16.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
~ Generic Processes: Scanned in 00mn 00s
---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 2/522
~ Mes musiques (My Musics) : 153/697
~ Mes Videos (My Videos) : 14/69
~ Mes Favoris (My Favorites) : 1/22
~ Mes Documents (My Documents) : 2/25
~ Mon Bureau (My Desktop) : 10/406
~ Menu demarrer (Programs) : 1/33
~ Hidden Files: Scanned in 00mn 09s
---\\ Processos lançados
[MD5.B99C37364701D19F2B5C0A0E1ECCDB80] - (.GAS Tecnologia - G-Buster Browser Defense - Service.) -- C:\Program Files\GbPlugin\gbpsv.exe [519720] [PID.768]
[MD5.1EE3643D1AA747222427F63353611AD7] - (.Microsoft Corporation - Antimalware Service Executable.) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216] [PID.928]
[MD5.BEA8D0FA8805CC2E6BB49728166699C7] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344] [PID.1580]
[MD5.B362181ED3771DC03B4141927C80F801] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [65432] [PID.1800]
[MD5.44CEAFF41EDE4297F30913DDF80D17C1] - (.Apache Software Foundation - Apache HTTP Server.) -- C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe [20549] [PID.1824]
[MD5.72551A9AE5F68905DFC3CBA0D5242566] - (.Microsoft Corporation - Updates Skype Click to Call.) -- C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720] [PID.1852]
[MD5.6B669A00A431FF6CDCE67458933F5F0F] - (.Microsoft Corporation - Phone Number Recognition (PNR) module.) -- C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992] [PID.1888]
[MD5.8C707EF32463DCAE31CE8549E6F65E66] - (...) -- C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe [10900480] [PID.2376]
[MD5.F115AF58ABE5605D7D709CBFBD83F418] - (.No owner - nTitles PSIService.) -- C:\Windows\system32\PSIService.exe [177704] [PID.2544]
[MD5.A0FF419B61AE47E26ADF3BB15DB4F2FE] - (...) -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [38608] [PID.2616]
[MD5.1BBBF640BC0E0B750537BAECE8D66C18] - (.Nero AG - NeroUpdate.) -- C:\Program Files\Nero\Update\NASvc.exe [641832] [PID.3816]
[MD5.4BFA1849DC7AA3CB99C160D9EB96C67B] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [3854640] [PID.3748]
[MD5.345B1798395CEA9C178AFF1784FA2A37] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [841032] [PID.2664]
[MD5.322522D6FF36A539CAD732D182FA6D18] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [7878656] [PID.4904]
[MD5.CF87A1DE791347E75B98885214CED2B8] - (.Microsoft Corporation - Serviço da Plataforma de Proteção de Softwa.) -- C:\Windows\system32\sppsvc.exe [3179520] [PID.5212]
~ Processes Running: Scanned in 00mn 05s
---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Aline\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 15 Legitimates Filtered in 00mn 02s
---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
C:\Users\Aline\AppData\Roaming\Mozilla\Firefox\Profiles\177jdijm.default\prefs.js
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/abn] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\Aline\AppData\Local\GAS Tecnologia\GBBD\npsf_abn.dll
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/bb] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\Aline\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll
~ Firefox Browser: 28 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.GAS Tecnologia - Internet Banking Helper.) (No version) -- (.not file.)
~ IE Browser: 11 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21
---\\ Browser Helper Objects do navegador (02)
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} . (.Banco do Brasil - Gbieh Module.) -- C:\PROGRAM FILES\GBPLUGIN\gbieh.dll
O2 - BHO: G-Buster Browser Defense Banco Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} . (.Banco Real - Gbieh Module.) -- C:\Program Files\GbPlugin\gbiehabn.dll
~ BHO: 28 Legitimates Filtered in 00mn 01s
---\\ Barras do Internet Explorer (03))
O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll =>Toolbar.Google
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Chave orfã
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{47833539-D0C5-4125-9FA8-0819E2EAAC93} Chave orfã
~ Toolbar: Scanned in 00mn 00s
---\\ Outras conexões do utilizador (04)
O4 - GS\QuickLaunch [Aline]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Program Files\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Global Startup: 1 Legitimates Filtered in 00mn 21s
---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
~ Application: Scanned in 00mn 00s
---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} . (.Microsoft Corporation - Windows Live Messenger Companion core resources.) -- C:\Program Files\Windows Live\Companion\companionres.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.Microsoft Corporation - Windows Live Writer Blog This Extension.) -- C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~2\Office14\ONBttnIE.dll =>.Microsoft Corporation
O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} -- C:\Program Files\AVG\AVG2012\avgdtiex.dll (.not file.)
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~2\Office14\ONBTTN~1.dll =>.Microsoft Corporation
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- C:\Program Files\Skype\Toolbars\Internet Explorer\icon.ico
O9 - Extra button: Exibir ou ocultar HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} . (.Hewlett-Packard Co. - HP Smart Web Printing add-on for Internet Explorer.) -- C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
~ IE Extra Buttons: Scanned in 00mn 00s
---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bancobrasil.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] http.bancoreal.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] http.bancosantander.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bb.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] http.santander.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] http.santanderempresarial.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.santandernet.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.santandernetibe.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.secureweb.com.br
~ IE Zone Confiance: Scanned in 00mn 00s
---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{3BDB0DE0-3F99-444C-9367-30D665A80EBB}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{A1176648-0D85-4C71-87DD-E66320287DF4}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{A1176648-0D85-4C71-87DD-E66320287DF4}: DhcpDomain = spo.virtua.com.br
O17 - HKLM\System\CS1\Services\Tcpip\..\{3BDB0DE0-3F99-444C-9367-30D665A80EBB}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{A1176648-0D85-4C71-87DD-E66320287DF4}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{A1176648-0D85-4C71-87DD-E66320287DF4}: DhcpDomain = spo.virtua.com.br
O17 - HKLM\System\CS2\Services\Tcpip\..\{3BDB0DE0-3F99-444C-9367-30D665A80EBB}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{A1176648-0D85-4C71-87DD-E66320287DF4}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{A1176648-0D85-4C71-87DD-E66320287DF4}: DhcpDomain = spo.virtua.com.br
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
~ Domain: Scanned in 00mn 00s
---\\ Protocolo adicional (018)
O18 - Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (.Microsoft Corporation - Windows Live Album Download Protocol Handle.) -- C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: GbPluginAbn . (.Banco Real - Gbieh Module.) -- C:\Program Files\GbPlugin\gbiehAbn.dll
O20 - Winlogon Notify: GbPluginBb . (.Banco do Brasil - Gbieh Module.) -- C:\Program Files\GbPlugin\gbieh.dll
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s
---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: AVGIDSAgent (AVGIDSAgent) . (...) - C:\Program Files\AVG\AVG2012\avgidsagent.exe (.not file.)
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files\GbPlugin\gbpsv.exe
O23 - Service: KMService (KMService) . (...) - C:\Windows\system32\srvany.exe =>Hijacker.Office
O23 - Service: MySQL56 (MySQL56) . (...) - C:\ProgramData\MySQL\MySQL Server 5.6\my.ini
~ Services: 12 Legitimates Filtered in 00mn 10s
---\\ Tarefas planificadas automaticamente (039)
[MD5.00000000000000000000000000000000] [APT] [{05A55A91-EB5A-4D88-86BC-9ADBDEE1A2A5}] (...) -- C:\Users\Aline\Downloads\B2CAppSetup (1).exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{0B1E984E-6450-42F2-8DE4-F1064355EE1F}] (...) -- C:\Users\Aline\Downloads\bankerfix.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{3E2467A3-2330-4738-BA4F-7993C1158BDC}] (...) -- C:\Users\Aline\Downloads\auxsetup_x86.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{73992451-FBBF-4DE4-91C5-CCAC0A34AFD6}] (...) -- C:\Users\Aline\Desktop\zoek.pif -d C:\Users\Aline\Desktop (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{78499667-0343-4A0A-A50D-6C5F546C68B1}] (...) -- D:\Install_Win\install.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{BE037BDF-18C3-4E4A-ACDE-E86613F13E56}] (...) -- C:\Users\Aline\Desktop\VirtualDub\auxsetup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{CEFEFDE2-032F-410E-8C84-F4B96A2078F9}] (...) -- C:\Users\Aline\Desktop\zoek.scr -d C:\Users\Aline\Desktop -c \S (.not file.) [0]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [902]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1471754635-3302239287-417469607-1001Core [906]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1471754635-3302239287-417469607-1001UA [928]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1050]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1054]
~ Scheduled Task: 45 Legitimates Filtered in 00mn 09s
---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (Ndisrd) . (.GAS Tecnologia - GAS Tecnologia - LWF Helper Driver.) - C:\Windows\System32\DRIVERS\gbpndisrdn.sys
~ Drivers: 75 Legitimates Filtered in 00mn 00s
---\\ Software instalados (042)
O42 - Logiciel: BB Token Admin Tool - (.Watchdata Technologies Pte., Ltd..) [HKLM] -- {95A34656-CD4A-45A0-BAB8-AB950EFCBEBF}
O42 - Logiciel: GBBD Banco do Brasil - (...) [HKCU] -- {36386dc9-8543-4b12-ae6b-220fd52f19f3}_is1
O42 - Logiciel: IRPF2014 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva - (.Receita Federal do Brasil.) [HKLM] -- IRPF2014
O42 - Logiciel: Módulo de Proteção Santander 3.2.0.2 - (...) [HKLM] -- {83033d93-48d0-48fc-9c5b-82e57e7e0dd6}_is1
O42 - Logiciel: Receitanet - (.Serpro - Serviço Federal de Processamento de Dados.) [HKLM] -- ECC16E3C-16D1-4DC2-9D8A-6AC06B3005A5
~ Logic: 20 Legitimates Filtered in 00mn 01s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\AutoHelpDesk]
[HKCU\Software\Baidu Security]
[HKCU\Software\Baidu]
[HKCU\Software\GbAs]
[HKLM\Software\360Safe] =>Trojan.Lozavita
[HKLM\Software\AutoHelpDesk]
[HKLM\Software\Baidu Security]
[HKLM\Software\Baidu_Drp_pos]
~ Key Software: 323 Legitimates Filtered in 00mn 01s
---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 19/05/2014 - 16:22:40 - [] ----D C:\Program Files\Baidu Security
O43 - CFD: 07/10/2013 - 17:42:04 - [] ----D C:\Program Files\Brazil
O43 - CFD: 06/03/2014 - 09:25:13 - [] ----D C:\Program Files\Programas RFB
O43 - CFD: 14/04/2013 - 23:07:14 - [] ----D C:\Program Files\UnlockPhone
O43 - CFD: 19/05/2014 - 16:22:42 - [] ----D C:\Users\Aline\AppData\Roaming\Baidu Security
O43 - CFD: 29/09/2013 - 16:50:07 - [] ----D C:\Users\Aline\AppData\Roaming\Elementary-Reprint
O43 - CFD: 04/07/2013 - 02:20:48 - [] ----D C:\Users\Aline\AppData\Roaming\Elementary-Reprint.F58001C6A320BE09FB6D7E092A4A96AA9BF1591A.1
~ Program Folder: 236 Legitimates Filtered in 00mn 03s
---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.0DC5AF80D059DEC792B665ED598C6567] - 12/05/2014 - 22:23:52 ---A- . (.SQLite Development Team - SQLite Dynamic Link Library (No TCL).) -- C:\Windows\System32\sqlite3.dll [536576]
O44 - LFC:[MD5.3F4C462EAA0D94D2B7428F2AE41C2D8A] - 12/05/2014 - 23:13:35 ---A- . (...) -- C:\DelFix.txt [743]
O44 - LFC:[MD5.83BDAC99D6B94BC2F1BF5851B7C7792A] - 13/05/2014 - 22:41:02 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [148676]
O44 - LFC:[MD5.CE87700FFC13AF03C110C2C2A4C5080E] - 13/05/2014 - 22:41:02 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [709186]
O44 - LFC:[MD5.F7EC875F6DF1BC9E505B66E27C9E6D17] - 14/05/2014 - 07:04:19 ---A- . (...) -- C:\zoek-results.log [33890]
O44 - LFC:[MD5.B7CC2AF3D5604EFDC5F82AF7A5B21FB1] - 19/05/2014 - 22:59:03 ---A- . (.GbPlugin NDIS Device Driver - GbPlugin NDIS Device Driver.) -- C:\Windows\System32\Drivers\gbpndisrd.sys [31088]
~ Files: 52 Legitimates Filtered in 00mn 23s
---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399007} - C:\Program Files\GbPlugin\gbiehabn.dll
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\PROGRAM FILES\GBPLUGIN\gbieh.dll
~ ShellExecuteHooks: Scanned in 00mn 00s
---\\ Chave do registo Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{05039c9b-6e5e-11e2-9d1b-002511c036fc}\AutoRun\command. (...) -- E:\iLinker.exe (.not file.)
O51 - MPSK:{db2c6d9d-8a3c-11e2-aa99-002511c036fc}\AutoRun\command. (...) -- F:\ZTE_Handset_USB_DriverV5.2066.1.8.exe (.not file.)
O51 - MPSK:{f44a3344-2c2c-11e1-bc87-002511c036fc}\AutoRun\command. (...) -- F:\Autorun.exe (.not file.)
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa de infeções nos drivers (HKLM)(TDSD) (O52)
O52 - TDSD: \Drivers32\"vidc.IV32"="ir32.dll" . (...) -- C:\Windows\System32\ir32.dll
~ TDSD: 8 Legitimates Filtered in 00mn 00s
---\\ Enumeração das chaves do registo StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\AnySend Updater [Key] . (...) -- C:\Program Files\AnySend\AnySendUpdater.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\ROC_roc_ssl_v12 [Key] . (...) -- C:\Program Files\AVG Secure Search\ROC_roc_ssl_v12.exe (.not file.) =>Toolbar.AVGSearch
O53 - SMSR:HKLM\...\startupreg\uTorrent [Key] . (.BitTorrent Inc. - µTorrent.) -- C:\Program Files\uTorrent\uTorrent.exe =>P2P.BitTorrent
O53 - SMSR:HKLM\...\startupreg\wdbraz_certm [Key] . (. Beijing WatchData System Co., Ltd. - WatchSAFE Background v3.4.) -- C:\Windows\System32\WatchData\Watchdata Brazil CSP v1.0\BBCertM32.exe
~ SMSR Keys: 20 Legitimates Filtered in 00mn 01s
---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s
---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:31/05/2012 - 21:21:04 R--A- . (.360.cn - 360FileOem.) -- C:\Windows\System32\Drivers\360FileOem.sys [146304]
O58 - SDL:31/05/2012 - 21:21:04 R--A- . (.360安全中心 - 360HookOem.) -- C:\Windows\System32\Drivers\360HookOem.sys [54912]
O58 - SDL:31/05/2012 - 21:21:04 R--A- . (.360安全中心 - 360RegOem.) -- C:\Windows\System32\Drivers\360RegOem.sys [23168]
O58 - SDL:30/03/2014 - 17:37:32 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [49944] =>.ALWIL Software
O58 - SDL:30/03/2014 - 17:37:32 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [180760] =>.ALWIL Software
O58 - SDL:18/04/2003 - 12:15:56 ---A- . (.Accapella Ltd. - USB Driver for Digital Camera.) -- C:\Windows\System32\Drivers\CoachUsb.sys [46368]
O58 - SDL:25/01/2003 - 00:12:20 ---A- . (.Accapella Ltd. - Video Capture Minidriver for Digital Camera.) -- C:\Windows\System32\Drivers\CoachVc.sys [46048]
O58 - SDL:13/07/2009 - 22:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712]
O58 - SDL:23/08/2013 - 13:34:54 ---A- . (.GAS Tecnologia - GbPlugin Device Driver.) -- C:\Windows\System32\Drivers\gbpkm.sys [46392]
O58 - SDL:19/05/2014 - 22:59:03 ---A- . (.GbPlugin NDIS Device Driver - GbPlugin NDIS Device Driver.) -- C:\Windows\System32\Drivers\gbpndisrd.sys [31088]
O58 - SDL:07/03/2014 - 20:23:26 ---A- . (.GAS Tecnologia - GAS Tecnologia - LWF Helper Driver.) -- C:\Windows\System32\Drivers\gbpndisrdn.sys [29400]
O58 - SDL:13/07/2009 - 19:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624]
O58 - SDL:13/07/2009 - 22:19:04 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072]
O58 - SDL:13/07/2009 - 18:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:20/10/2012 - 22:07:59 RSHA- . (...) -- C:\Windows\System32\CA4277406B.sys [88]
O58 - SDL:13/07/2009 - 18:40:44 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:13/07/2009 - 18:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:20/10/2012 - 22:07:59 -SHA- . (...) -- C:\Windows\System32\KGyGaAvL.sys [2516]
O58 - SDL:13/07/2009 - 18:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:13/07/2009 - 18:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:13/07/2009 - 18:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:13/07/2009 - 18:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:13/07/2009 - 18:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:13/07/2009 - 18:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:13/07/2009 - 18:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:13/07/2009 - 18:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 87 Legitimates Filtered in 00mn 04s
---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 31/05/2012 - C:\Windows\System32\drivers\360HookOem.sys (360HookOem) .(.360安全中心 - 360HookOem.) - LEGACY_360HOOKOEM
O64 - Services: CurCS - 23/08/2013 - C:\Windows\System32\drivers\gbpkm.sys (GbpKm) .(.GAS Tecnologia - GbPlugin Device Driver.) - LEGACY_GBPKM
~ Legacy: 163 Legitimates Filtered in 00mn 00s
---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html>
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s
---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet:
O68 - StartMenuInternet:
O68 - StartMenuInternet:
O68 - StartMenuInternet:
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {80c554b9-c7f8-4a21-9471-06d606da78a2} - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.C44A32F3A10F7EA019E198620FC46A17] [SPRF][08/06/2013] (...) -- C:\Users\Aline\AppData\Roaming\unins000.dat [12376]
[MD5.393009B9EC49AB69ED10597D54743BA3] [SPRF][03/01/2014] (...) -- C:\Users\Aline\AppData\Roaming\unins001.dat [25952]
~ Files: 2 Legitimates Filtered in 00mn 00s
---\\ Lista das exceções do FireWall (FirewallRules) (O87)
O87 - FAEL: "{75EC18D3-A83F-448E-9B42-D8A43A5DA834}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Program Files\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{38B1B151-AEB7-4E5D-8C3E-E3652266E827}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Program Files\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Firewall: 2 Legitimates Filtered in 00mn 05s
---\\ Pesquisa dos pacotes WindowsInstaller (WIS) (O93) (NTFS)
[MD5.8797F3592E055284D113FEAA21B71ED3] [WIS][27/08/2011] (.Google Inc. - Google Toolbar for Internet Explorer.) -- C:\Windows\Installer\e57aa.msi [28160] =>Toolbar.Google
~ WIS: 1 Legitimates Filtered in 00mn 11s
---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Microsoft\Tracing\biclient_RASAPI32 =>Adware.MegaSearch
HKLM\SOFTWARE\Microsoft\Tracing\biclient_RASMANCS =>Adware.MegaSearch
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarInstaller_en32_signed_RASAPI32 =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarInstaller_en32_signed_RASMANCS =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarInstaller_updater_signed_RASAPI32 =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarInstaller_updater_signed_RASMANCS =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarNotifier_RASAPI32 =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarNotifier_RASMANCS =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\imbooster_RASAPI32 =>Adware.IMBooster
HKLM\SOFTWARE\Microsoft\Tracing\imbooster_RASMANCS =>Adware.IMBooster
HKLM\SOFTWARE\Microsoft\Tracing\utorrent_RASAPI32 =>P2P.µTorrent
HKLM\SOFTWARE\Microsoft\Tracing\utorrent_RASMANCS =>P2P.µTorrent
~ BTK: 407 Legitimates Filtered in 00mn 00s
---\\ Search CLSID Registry Key (O101)
[HKCR\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}] (Google Toolbar) =>Toolbar.Google
[HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}] (Google Toolbar Helper) =>Toolbar.Google
~ BCK: 6835 Legitimates Filtered in 00mn 20s
---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 13/05/2014 257712 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 10/07/1658 0 | (AVGIDSAgent) . (...) - C:\Program Files\AVG\AVG2012\avgidsagent.exe
SS - | Auto 27/08/2011 136176 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 27/08/2011 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 22/08/2012 194032 | (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Auto 24/09/2011 8192 | (KMService) . (...) - C:\Windows\system32\srvany.exe =>Hijacker.Office
SS - | Auto 03/04/2014 857912 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
SS - | Auto 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SS - | Demand 04/02/2013 155824 | (Sony PC Companion) . (.Avanquest Software.) - C:\Program Files\Sony\Sony PC Companion\PCCService.exe
SS - | Demand 19/02/2010 517096 | (SwitchBoard) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
SS - | Demand 13/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 18/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 09/09/2011 20549 | (Apache2.2) . (.Apache Software Foundation.) - C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
SR - | Auto 30/03/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 21/02/2014 519720 | (GbpSv) . (.GAS Tecnologia.) - C:\Program Files\GbPlugin\gbpsv.exe
SR - | Demand 13/07/2009 20992 | C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll (hpqcxs08) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 20992 | C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll (hpqddsvc) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 11/03/2014 22216 | (MsMpSvc) . (.Microsoft Corporation.) - c:\Program Files\Microsoft Security Client\MsMpEng.exe
SR - | Auto 22/04/2013 14243 | (MySQL56) . (...) - C:\ProgramData\MySQL\MySQL Server 5.6\my.ini
SR - | Auto 23/09/2011 641832 | (NAUpdate) . (.Nero AG.) - C:\Program Files\Nero\Update\NASvc.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 05/06/2007 177704 | (ProtexisLicensing) . (...) - C:\Windows\system32\PSIService.exe
SR - | Auto 29/11/2012 38608 | (RealNetworks Downloader Resolver Service) . (...) - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 23s
---\\ Scâner Aditional (088)
Database Version : 13029 - (19/05/2014)
Clés trouvées (Keys found) : 4
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 3
[HKLM\SYSTEM\CurrentControlSet\Services\KMService] =>Hijacker.Office^
[HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\ROC_roc_ssl_v12] =>Toolbar.AVGSearch^
[HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\uTorrent] =>P2P.BitTorrent^
[HKLM\Software\360Safe] =>Trojan.Lozavita
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{2318C2B1-4965-11d4-9B18-009027A5CD4F} =>Toolbar.Google^
C:\Windows\Installer\e57aa.msi =>Toolbar.Google^
[HKCR\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}] (Google Toolbar) =>Toolbar.Google^
[HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}] (Google Toolbar Helper) =>Toolbar.Google^
~ Additionnel Scan: 342241 Items scanned in 01mn 56s
---\\ Sumário das deteções encontradas na sua estação
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Hijacker.Office
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Trojan.Lozavita
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.MegaSearch
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.IMBooster
~ MSI: 4 link(s) detected in 00mn 00s
~ 1051 Legitimates filtered by white list
End of the scan (570 lines in 04mn 44s)(0)
Aline Angélica- Iniciante
- Mensagens : 16
Reputação : 0
Data de inscrição : 11/03/2014
Idade : 32
Re: Erro Ativação do Firewall
por Power Max Ter 20 maio 2014, 00:18
Acesse o site [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] e envie este arquivo destacado em azul abaixo para ser analisado:
C:\Windows\System32\CA4277406B.sys
Assim que a análise dele for concluída, copie o link que aparecerá na barra de endereços de seu navegador e poste este link em sua próxima resposta juntamente com o log do ZHPFix pedido nesta postagem.
Maiores informações de como analisar arquivos no site Virus Total você encontra neste tutorial:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
________________________________________________________________________________________________________________
Selecione e copie todo o texto destacado em vermelho que te passei.
_____________________________________________________________________________________________________________
Vá no menu: Iniciar > Todos os programas > ZHP > Clique com o botão direito do mouse sobre o Zhpfix e escolha a opção de Executar como administrador > Clique em Importação > Clique no botão GO > Clique em Oui > Caso queira que os arquivos da lixeira sejam excluídos clique em Oui novamente > Um relatório aparecerá no bloco de notas.
Copie este relatório e poste em sua próxima resposta juntamente com o link da análise do arquivo no site Virus Total.
C:\Windows\System32\CA4277406B.sys
Assim que a análise dele for concluída, copie o link que aparecerá na barra de endereços de seu navegador e poste este link em sua próxima resposta juntamente com o log do ZHPFix pedido nesta postagem.
Maiores informações de como analisar arquivos no site Virus Total você encontra neste tutorial:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
________________________________________________________________________________________________________________
Selecione e copie todo o texto destacado em vermelho que te passei._____________________________________________________________________________________________________________
Vá no menu: Iniciar > Todos os programas > ZHP > Clique com o botão direito do mouse sobre o Zhpfix e escolha a opção de Executar como administrador > Clique em Importação > Clique no botão GO > Clique em Oui > Caso queira que os arquivos da lixeira sejam excluídos clique em Oui novamente > Um relatório aparecerá no bloco de notas. Copie este relatório e poste em sua próxima resposta juntamente com o link da análise do arquivo no site Virus Total.
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Re: Erro Ativação do Firewall
por Danii Sex 06 Jun 2014, 10:42
TÓPICO ARQUIVADO
Como a autora não respondeu por mais de 15 dias, o tópico foi arquivado. Caso a autora do tópico necessite, o mesmo será reaberto, para isso deverá entrar em contato com um dos membros da [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] solicitando o desbloqueio.
Como a autora não respondeu por mais de 15 dias, o tópico foi arquivado. Caso a autora do tópico necessite, o mesmo será reaberto, para isso deverá entrar em contato com um dos membros da [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] solicitando o desbloqueio.
Danii- Membro Pleno
- Mensagens : 571
Reputação : 80
Data de inscrição : 04/04/2014
Localização : Brasil
Tópicos semelhantes» ATIVAÇÃO DO SEVEN
» ativação windows 7 Problema
» problemas com firewall.
» <!> Conficker: ativação da praga ocorre sem incidentes, mas ameaça continua
» Problemas com Firewall
» ativação windows 7 Problema
» problemas com firewall.
» <!> Conficker: ativação da praga ocorre sem incidentes, mas ameaça continua
» Problemas com Firewall
Página 1 de 1
Permissões neste sub-fórum
Não podes responder a tópicos|
|
|